MALICIOUS (1) campaign cataloged at 2026-02-05(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-02-metadata-checker

Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target

Abuse categories

exfiltration_generic

Campaign uses exfiltration_generic.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• 8d7sabfsd2.youkyy.com

• youkyy.com

• hxxps://8d7sabfsd2.youkyy.com/MyData.php

• hxxps://8d7sabfsd2.youkyy.com/1.php

Packages in the campaign

campaign:2026-02-metadata-checker

• metadata-checker
• web3-meme-tool