Skip to content

HIGHLY_SUSPICIOUS (1) campaign cataloged at 2026-07-06(2).

  1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-07-ibsm

Packages related to downloading suspicious libraries from Github repository, but during analysis no malicious behavior has been confirmed.

Abuse categories

remote_executable

Downloads and executes a remote executable.

References

Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

  • hxxps://raw.githubusercontent.com/HABS53/jubilant-dollop/main/libpython3.11.so.1.0

  • hxxps://github.com/nexlangpy-star/News/raw/refs/heads/main/libpython3.11.so

Packages in the campaign

campaign:2026-07-ibsm