HIGH_RISK_HACKING_TOOLS (1) campaign cataloged at 2026-02-24(2).

1. Packages that are very likely to be used to build or as part of a malware, in most cases. They are not malicious on their own, but are quite a good indicator of something suspicious
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-02-remote-xtril

The package is designed to abuse Telegram service by spamming channels with messages. This is its main purpose.

Abuse categories

abusing-3rd-api

Campaign uses abusing-3rd-api.

other

Campaign uses other.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• hxxps://t.me/Mr_ahmadirad

• hxxps://github.com/MohammadAhmadi-R/private-pylib.git

• hxxps://github.com/MohammadAhmadi-R/remote-xtril

Packages in the campaign

campaign:2026-02-remote-xtril

• remote-xtril