MAL-2024-12201

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-77d0c154/MAL-2024-12201.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-12201

Published

2024-08-10T23:05:21Z

Modified

2025-12-31T02:52:21.098423Z

Summary

Malicious code in artifact-lab-3-package-77d0c154 (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (6790c3a13c932def9b7e72c49a9efc861f0d5ec5d3187d11097dd51c8bb5b236)

Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simple data. Pentest? An artifact from some red team curse?

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-lab-artifacts-revshell

Reasons (based on the campaign):

The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-77d0c154",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:54.926640234Z",
            "sha256": "a9275fd2e66c3cb8a487653f1ee18af4d57e06ef38c44a1bebd97a4a783b2377",
            "source": "kam193",
            "modified_time": "2024-08-10T23:05:21Z"
        },
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-77d0c154",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:17.966954281Z",
            "sha256": "6790c3a13c932def9b7e72c49a9efc861f0d5ec5d3187d11097dd51c8bb5b236",
            "source": "kam193",
            "modified_time": "2024-08-10T23:05:21Z"
        },
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-77d0c154",
            "import_time": "2025-12-10T21:38:57.271275085Z",
            "sha256": "09e0f485b7840fe87569a554c32b231f7eb6cda1230098d54c34f97107678929",
            "source": "kam193",
            "modified_time": "2024-08-10T23:05:21Z",
            "versions": [
                "0.1.1",
                "0.2.0",
                "0.1.2"
            ]
        },
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-77d0c154",
            "import_time": "2025-12-30T22:39:04.035896671Z",
            "sha256": "ec9b0ad9269697bd39e5793f97f83b523464e24004e940e1899e1089b6d5330f",
            "source": "kam193",
            "modified_time": "2024-08-10T23:05:21Z",
            "versions": [
                "0.1.1",
                "0.1.2",
                "0.2.0"
            ]
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/artifact-lab-3-package-77d0c154

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / artifact-lab-3-package-77d0c154

Package

Name: artifact-lab-3-package-77d0c154; View open source insights on deps.dev
Purl: pkg:pypi/artifact-lab-3-package-77d0c154

Affected ranges

Affected versions

0.*

0.1.1

0.1.2

0.2.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-77d0c154/MAL-2024-12201.json"