MALICIOUS (1) campaign cataloged at 2026-01-21(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-01-old-terminalbrush

Package downloads an executable, places it distinguished as a Python binary and starts it. At the time of analysis, the URL was no longer active, so it was not possible to confirm the exact behaviour.

Abuse categories

remote_executable

Downloads and executes a remote executable.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• hxxps://free-proxies.cloud/download

Packages in the campaign

campaign:2026-01-old-terminalbrush

• terminalbrush