MALICIOUS (1) campaign cataloged at 2026-03-03(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-03-dakhara

Running the package automatically starts a Telegram bot waiting to execute remote commands. The bot credentials are dynamically collected from the pastebin.

Abuse categories

remote_commands

The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• hxxps://pastebin.com/raw/nbEuX2hW

Packages in the campaign

campaign:2026-03-dakhara

• dakhara