-= Per source details. Do not edit below this line.=-
Package clones a legitimate package. In the call to check the current version, the obfuscated remote code is downloaded and executed. It appears to be an infostealer
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-11-asn1tool
Reasons (based on the campaign):
obfuscation
dependency-confusion
typosquatting
clones-real-package
infostealer
{
"malicious-packages-origins": [
{
"versions": [
"0.167.0",
"0.167.1"
],
"sha256": "e8a3b81c6312bc3cb87be77a1a79aab0ad3ee89d865020319fa8a75c7e5b27b1",
"modified_time": "2024-12-09T06:49:47Z",
"source": "reversing-labs",
"id": "RLMA-2024-10974",
"import_time": "2024-12-09T14:38:40.866088154Z"
},
{
"sha256": "96ca0230415532472a651c1ec058230fbc59b55ea6dfac0e930d9053eda89cf7",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-11-10T22:28:42Z",
"source": "kam193",
"id": "pypi/2024-11-asn1tool/asn1tool",
"import_time": "2025-12-02T22:30:54.94338499Z"
},
{
"sha256": "2f9270a5372d17332c32e8824c44dab167a1f2a78ebc5a204e090ac4487a0f31",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-11-10T22:28:42Z",
"source": "kam193",
"id": "pypi/2024-11-asn1tool/asn1tool",
"import_time": "2025-12-02T23:07:17.982770545Z"
},
{
"versions": [
"0.167.0",
"0.167.1"
],
"sha256": "fcf16dae4d8151f171591b251d4155088e0f69cb2109b5c9ce796fcf56c1dda4",
"modified_time": "2024-11-10T22:28:42Z",
"source": "kam193",
"id": "pypi/2024-11-asn1tool/asn1tool",
"import_time": "2025-12-10T21:38:57.288406781Z"
},
{
"sha256": "d58b4cd705fc437469738d9f9959faa370ec527ec6d2bb1580c9e0352ce7247b",
"modified_time": "2026-03-18T12:11:12Z",
"source": "reversing-labs",
"id": "RLUA-2026-00080",
"import_time": "2026-03-19T12:19:23.744666627Z"
}
],
"iocs": {
"urls": [
"https://tinyurl.com/1atestver",
"https://tinyurl.com/l4kr0sr4t",
"https://tinyurl.com/w1ngfjs"
]
}
}