MAL-2024-5203

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hlokty/MAL-2024-5203.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-5203

Published

2024-06-25T13:35:57Z

Modified

2026-03-19T12:53:42.751652Z

Summary

Malicious code in hlokty (PyPI)

Details

-= Per source details. Do not edit below this line.=-

## Source: kam193 (5a87204da4f0d5ef08a7731badb5036e3551f20695a5491b1f07b617c568c8af)

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2023-12-kitty

Reasons (based on the campaign):

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-06-25T13:35:57Z",
            "versions": [
                "0.1"
            ],
            "sha256": "ae263a2bbebe79c606fcbcea0c6305d8ea45ea093dd2616eb5d076278f9ea248",
            "id": "RLMA-2024-03985",
            "source": "reversing-labs",
            "import_time": "2024-06-28T02:49:06.417762854Z"
        },
        {
            "modified_time": "2024-10-16T14:41:56Z",
            "sha256": "4c14d595a65722d6842c2e3fc653f85d6b423e92bd160e5550601fa52697051e",
            "id": "RLUA-2024-08346",
            "source": "reversing-labs",
            "import_time": "2024-10-24T00:59:16.455635785Z"
        },
        {
            "modified_time": "2024-08-09T19:42:07Z",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "9d38850b31f1007b381b7d9350b3369d42d18b668b2168576a4dfa14c4e4b90a",
            "id": "pypi/2023-12-kitty/hlokty",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:56.099491171Z"
        },
        {
            "modified_time": "2024-08-09T19:42:07Z",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "5a87204da4f0d5ef08a7731badb5036e3551f20695a5491b1f07b617c568c8af",
            "id": "pypi/2023-12-kitty/hlokty",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:19.287231755Z"
        },
        {
            "modified_time": "2024-08-09T19:42:07Z",
            "versions": [
                "0.1"
            ],
            "sha256": "8492b563e3c47210f06f5235de064ff54c84f9cb67ea790d140f74a4eeedd54a",
            "id": "pypi/2023-12-kitty/hlokty",
            "source": "kam193",
            "import_time": "2025-12-10T21:38:58.42528402Z"
        },
        {
            "modified_time": "2026-03-18T12:14:41Z",
            "sha256": "a07f435bd12046b331e7eafe8dd61ce13488f930e594ebb45b2b672d09470745",
            "id": "RLUA-2026-00393",
            "source": "reversing-labs",
            "import_time": "2026-03-19T12:19:52.189509208Z"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/hlokty

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

PyPI / hlokty

Package

Name: hlokty; View open source insights on deps.dev
Purl: pkg:pypi/hlokty

Affected ranges

Affected versions

0.*

0.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/hlokty/MAL-2024-5203.json"