MAL-2024-11618
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/j5gnpfweguiwerbngpiutbgn0iutb0pfwfef/MAL-2024-11618.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-11618
- Published
- 2024-10-16T21:12:32Z
- Modified
- 2026-03-19T12:54:15.670855Z
- Summary
- Malicious code in j5gnpfweguiwerbngpiutbgn0iutb0pfwfef (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (41b992b1717ae4c37710bfcb4b86d013ca8f3eb95dc9e06f47bdd813010db976)
According to the description, packages should demonstrate the dependency confusion attack. The realisation is, in fact, a spamming with packages having as the only purpose reporting basic data like hostname and current working directory.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2024-10-lokopoil23
Reasons (based on the campaign):
- dependency-confusion
- Database specific
{ "iocs": { "domains": [ "3gkkr6u2z1a9rinocp0ue4tw1n7ev4jt.oastify.com" ] }, "malicious-packages-origins": [ { "id": "RLMA-2024-11072", "import_time": "2024-12-09T14:38:44.917906108Z", "sha256": "d611549633d8d168b74cc6ebb46afa2a64d6c1c77b884f593420a785d734e7fa", "source": "reversing-labs", "modified_time": "2024-12-09T06:50:29Z", "versions": [ "0.0.1" ] }, { "id": "pypi/2024-10-lokopoil23/j5gnpfweguiwerbngpiutbgn0iutb0pfwfef", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T22:30:56.133165033Z", "sha256": "77243cbc9cd8223e444a80c02ae26990b9545c66ddb3bd2213b92ac55abb07ea", "source": "kam193", "modified_time": "2024-10-16T21:12:32Z" }, { "id": "pypi/2024-10-lokopoil23/j5gnpfweguiwerbngpiutbgn0iutb0pfwfef", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T23:07:19.321926829Z", "sha256": "41b992b1717ae4c37710bfcb4b86d013ca8f3eb95dc9e06f47bdd813010db976", "source": "kam193", "modified_time": "2024-10-16T21:12:32Z" }, { "id": "pypi/2024-10-lokopoil23/j5gnpfweguiwerbngpiutbgn0iutb0pfwfef", "import_time": "2025-12-10T21:38:58.453932936Z", "sha256": "8d45f3513f69411305b7be7bfbfcd62b62a68655c76bdde942f88f72064c1ac6", "source": "kam193", "modified_time": "2024-10-16T21:12:32Z", "versions": [ "0.0.1" ] }, { "id": "RLUA-2026-00436", "import_time": "2026-03-19T12:19:56.010183419Z", "sha256": "6db92150ca96d10a15ca56d129fa6490d3f7f4c279827f0386edd5764a76a070", "source": "reversing-labs", "modified_time": "2026-03-18T12:15:11Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - REPORTER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / j5gnpfweguiwerbngpiutbgn0iutb0pfwfef
Package
- Name
- j5gnpfweguiwerbngpiutbgn0iutb0pfwfef
- View open source insights on deps.dev
- Purl
- pkg:pypi/j5gnpfweguiwerbngpiutbgn0iutb0pfwfef