MAL-2024-11600

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ggghhhrrr/MAL-2024-11600.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-11600

Published

2024-10-16T21:12:32Z

Modified

2026-03-19T12:53:32.062307Z

Summary

Malicious code in ggghhhrrr (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (28a551f5605f075f623a22621731c74e18e92b9e3eafef6d876457301fbeee20)

According to the description, packages should demonstrate the dependency confusion attack. The realisation is, in fact, a spamming with packages having as the only purpose reporting basic data like hostname and current working directory.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-10-lokopoil23

Reasons (based on the campaign):

dependency-confusion

Database specific

{
    "iocs": {
        "domains": [
            "3gkkr6u2z1a9rinocp0ue4tw1n7ev4jt.oastify.com"
        ]
    },
    "malicious-packages-origins": [
        {
            "id": "RLMA-2024-11052",
            "import_time": "2024-12-09T14:38:44.062815701Z",
            "sha256": "170b2ff6390bb577a4ac72da172794ab959b9f0863babf17a50e11b4d7530950",
            "source": "reversing-labs",
            "modified_time": "2024-12-09T06:50:19Z",
            "versions": [
                "0.1",
                "0.3"
            ]
        },
        {
            "id": "pypi/2024-10-lokopoil23/ggghhhrrr",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:56.058427588Z",
            "sha256": "b50ce7dd2c9d615def1bd7c9c70ba56aa6fab4d943aba1b54eca90d5aeb1bffa",
            "source": "kam193",
            "modified_time": "2024-10-16T21:12:32Z"
        },
        {
            "id": "pypi/2024-10-lokopoil23/ggghhhrrr",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:19.248924195Z",
            "sha256": "28a551f5605f075f623a22621731c74e18e92b9e3eafef6d876457301fbeee20",
            "source": "kam193",
            "modified_time": "2024-10-16T21:12:32Z"
        },
        {
            "id": "pypi/2024-10-lokopoil23/ggghhhrrr",
            "import_time": "2025-12-10T21:38:58.390992049Z",
            "sha256": "be72f9c384b25f5a4090053d73874fe323167b6954c3a6a16b16b8335a946999",
            "source": "kam193",
            "modified_time": "2024-10-16T21:12:32Z",
            "versions": [
                "0.1",
                "0.3"
            ]
        },
        {
            "id": "RLUA-2026-00351",
            "import_time": "2026-03-19T12:19:47.938926778Z",
            "sha256": "80cf2b6d54b18cacb40847c80d5a3049a8915374cc4e4e61262022f9187dab08",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:14:13Z"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/ggghhhrrr

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / ggghhhrrr

Package

Name: ggghhhrrr; View open source insights on deps.dev
Purl: pkg:pypi/ggghhhrrr

Affected ranges

Affected versions

0.*

0.1

0.3

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ggghhhrrr/MAL-2024-11600.json"