MALICIOUS (1) campaign cataloged at 2026-07-08(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-07-pyqt6darktheme¶
Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining
Abuse categories¶
cryptominer
Campaign uses cryptominer.
malware
Package contains or installs known malware.
remote_executable
Downloads and executes a remote executable.
References¶
Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
-
hxxp://florinn.dev:65534/ins.exe -
hxxp://florinn.dev:65534/kasgjiasjfiw.exe -
hxxp://florinn.dev:65534/kasgjiasjfim.exe -
florinn.dev