MAL-2024-12205

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-e7ffd2ef/MAL-2024-12205.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-12205

Published

2024-08-10T23:05:21Z

Modified

2025-12-12T20:35:31.217444Z

Summary

Malicious code in artifact-lab-3-package-e7ffd2ef (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (a8260a6eedf520242c3d3c6ecca58394fd6b2cb465a2a1d9e34ece20db529d4b)

Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simple data. Pentest? An artifact from some red team curse?

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-lab-artifacts-revshell

Reasons (based on the campaign):

The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-e7ffd2ef",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:54.936957047Z",
            "sha256": "7264b195d7cf7a2c0a1906f933ea4bd92e03350afd2603e03a0c53c14481027b",
            "source": "kam193",
            "modified_time": "2024-08-10T23:05:21Z"
        },
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-e7ffd2ef",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:17.976267001Z",
            "sha256": "a8260a6eedf520242c3d3c6ecca58394fd6b2cb465a2a1d9e34ece20db529d4b",
            "source": "kam193",
            "modified_time": "2024-08-10T23:05:21Z"
        },
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-e7ffd2ef",
            "import_time": "2025-12-10T21:38:57.281430426Z",
            "sha256": "7637410a7eb942c2c7336d73b43f95871c29d98cea77f7e865aca0fc37ca845c",
            "source": "kam193",
            "modified_time": "2024-08-10T23:05:21Z",
            "versions": [
                "0.1.1"
            ]
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/artifact-lab-3-package-e7ffd2ef

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / artifact-lab-3-package-e7ffd2ef

Package

Name: artifact-lab-3-package-e7ffd2ef; View open source insights on deps.dev
Purl: pkg:pypi/artifact-lab-3-package-e7ffd2ef

Affected ranges

Affected versions

0.*

0.1.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-e7ffd2ef/MAL-2024-12205.json"