PROBABLY_PENTEST (1) campaign cataloged on 2024-07-26 (2).
(1) Packages that look like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research and the like, with clearly low potential for harm.
(2) This is only the date the catalog entry was created. It may not reflect the date the campaign itself was created.
GENERIC-standard-pypi-install-pentest
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Abuse categories
basic_exfiltration
The package contains code to exfiltrate basic data from the system, such as the IP address or username. The risk is limited.
override_install
The package overrides the install command in setup.py to execute malicious code during installation.
IoCs & related URLs
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
Packages in the campaign
campaign:GENERIC-standard-pypi-install-pentest
- 0x000testqwe
- 123bla
- adafruit-display-text
- adafruit-imageload
- adent-core-api
- aiopbotocore
- akatest
- akh-py
- alksdjpureranser
- appetize-cli
- appsec-script-py
- appsec-utils
- arnold-toolbox
- atlasctf-21-prod-22
- blab111
- blabb111
- blz-test-package
- c8test
- c8tks94kspjghtb
- c8tks94kspjyhtb
- c8tsdk
- canvas-crawler
- ceiec
- chain00x
- check-codeowners
- chosenrce18
- chunqiuwestj-pkg-westj137
- cittronn
- cloudx-auth
- cloudx-base
- cmdb-worker-pckg
- comfyui-node-pkg
- comfyui-node-test
- companyx-metaflow
- confirmedbywaseem
- crunchie
- ctftestsowwy
- cugraph-dgl
- cugraph-service-client
- d5e54nc32y1337
- d5e54ncy1337
- debug-toolbar
- deepseeek
- deepseek-fake
- deepseekai
- dependency-confusion-test-666
- dependency133434fr43437
- dependency908
- dexat2
- discord-boteasy
- elbloadmonitor
- evil-pkk
- example-vizsla-tutorial
- flashinfer
- flexssl
- globrex
- goftvagoo
- golden-gates
- google-appengine-ext
- google-cloud-datacatalog-lineage-producer-client
- googleapis-googleapis-grpc-python
- graphcore-cloud-tools
- graphemer
- greensadway
- gwpythonsectt1
- gwpythonsectt2
- hawzebisdzazf
- hello-wordl
- hello-world-installer-test
- interasdasdnal-data-parser
- is-number-object
- jamasp
- jd-mlops
- kms-tls-sdk
- lacucaracha
- layoutspecs
- libspatialindex
- littelbitx0
- mac12manoj
- manoj3121pip
- manojmacpy
- masirkhan
- matlibplot
- matplotlibp
- mcp-xyz
- merbe
- merpe
- mkdocs-with-pdfs
- mkdsli
- multiutils
- murkh1111
- muxf
- myhexsender
- mytonctrl
- netsec-monitor
- nifty-cli
- nvidia-clara-sim
- oaieval
- oe-extract-ids
- oe-extract-idss
- opengrep
- optimux
- oracle-tools
- orion-algo-extrapol
- otc-metadata
- packagemurder
- pckaging
- pd-py-cli
- pinloggertest
- piprce
- platform-harness-ecr-configmap
- postgresql-connector-python
- private-test-1
- private-test-2
- private-test-4
- puffioner131
- puffionerlolpo2131
- pydevd-inject
- pydiolag6688
- pyqubee
- pysbark
- python-dateutil-malicious
- python-drgn-commons-all
- python-drgn-commons-kafka
- python-drgn-commons-metrics
- python-drgn-commons-notebooks
- python-drgn-commons-pandas
- python-drgn-commons-spark
- qassabi
- quizdom
- rapyd-logger
- requests-rapid
- requests-rapidl
- requests-rapidly
- route-search
- rqeuets
- rtpoc1
- rtxt-dep2
- rtxt-dep3
- rtxt-dep4
- rwimodeling
- s4transfer
- saml-helper
- search-python-common
- security-automation-job
- sensadway
- shinchina
- shiva123456
- sklearns
- some-random-package-33
- springboot
- stackstorm-runner-action-chain
- stationschedule
- story-mcp-hub
- subdomainer
- sumo-py-cli
- szn-rain-client
- szn-sasanka
- szn-search-mlops-common
- szn-search-mlops-serp-downloader
- szn-url
- szn-zbozi-ab-testing-fulltext
- terraformness
- test-test-asd-1
- testospkg
- testpysecure
- testresearchpackagedc
- this-is-poc-fortesting-dontinstall-12345
- tomli-dzw
- vfsrce18
- vfsrcetest
- voto3
- vsc-accountpage-clients
- vsc-config
- w7-poc
- w722-poc
- waseem4321
- wasi8787878
- wasig4321
- wave-opensdk
- wr-test
- your-module-name
- yt-yson-bindings