MAL-2024-11619

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/j5gnpuiwerbngpiutbgn0iutb0pfwef/MAL-2024-11619.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-11619
Published
2024-10-16T21:12:32Z
Modified
2026-03-19T12:54:14.730855Z
Summary
Malicious code in j5gnpuiwerbngpiutbgn0iutb0pfwef (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (51f6d35c5375794ab0e1fdb23c00c2a82ad0e3d9e5731031a652d9e3a8766a9a)

According to the description, packages should demonstrate the dependency confusion attack. The realisation is, in fact, a spamming with packages having as the only purpose reporting basic data like hostname and current working directory.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-10-lokopoil23

Reasons (based on the campaign):

  • dependency-confusion
Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2024-11073",
            "import_time": "2024-12-09T14:38:44.95877221Z",
            "source": "reversing-labs",
            "versions": [
                "0.0.1"
            ],
            "modified_time": "2024-12-09T06:50:29Z",
            "sha256": "811a4a6e9d0c9506f02ed6d8e9110d17a31bebfc0d688fe495ee8105d5109fa3"
        },
        {
            "id": "pypi/2024-10-lokopoil23/j5gnpuiwerbngpiutbgn0iutb0pfwef",
            "import_time": "2025-12-02T22:30:56.137822777Z",
            "source": "kam193",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2024-10-16T21:12:32Z",
            "sha256": "58122ccffbbdc7be1add80169cb5870f47e2a7b770b9f0d76c29a0dbd203cf46"
        },
        {
            "id": "pypi/2024-10-lokopoil23/j5gnpuiwerbngpiutbgn0iutb0pfwef",
            "import_time": "2025-12-02T23:07:19.323958746Z",
            "source": "kam193",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2024-10-16T21:12:32Z",
            "sha256": "51f6d35c5375794ab0e1fdb23c00c2a82ad0e3d9e5731031a652d9e3a8766a9a"
        },
        {
            "id": "pypi/2024-10-lokopoil23/j5gnpuiwerbngpiutbgn0iutb0pfwef",
            "import_time": "2025-12-10T21:38:58.455832146Z",
            "source": "kam193",
            "versions": [
                "0.0.1"
            ],
            "modified_time": "2024-10-16T21:12:32Z",
            "sha256": "e5a7f500bfce639163b5e5237f1c564a06d64a8c90b6787945146e9a4aa25eec"
        },
        {
            "id": "RLUA-2026-00437",
            "import_time": "2026-03-19T12:19:56.097115554Z",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:15:11Z",
            "sha256": "e9bbccec51d60a1b34eb692d8bc3e9989132f3ecd51c2b8aa6264fe910ccc813"
        }
    ],
    "iocs": {
        "domains": [
            "3gkkr6u2z1a9rinocp0ue4tw1n7ev4jt.oastify.com"
        ]
    }
}
References
Credits

Affected packages

PyPI / j5gnpuiwerbngpiutbgn0iutb0pfwef

Package

Name
j5gnpuiwerbngpiutbgn0iutb0pfwef
View open source insights on deps.dev
Purl
pkg:pypi/j5gnpuiwerbngpiutbgn0iutb0pfwef

Affected ranges

Affected versions

0.*
0.0.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/j5gnpuiwerbngpiutbgn0iutb0pfwef/MAL-2024-11619.json"