MALICIOUS (1) campaign cataloged at 2025-09-15(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-09-gtts-lts¶
During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted
Abuse categories¶
action-hidden-in-lib-usage
Campaign uses action-hidden-in-lib-usage.
remote_executable
Downloads and executes a remote executable.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
-
hxxps://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/meow.bin
-
hxxps://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/shell.exe