MAL-2025-191715
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dcbotoffline3/MAL-2025-191715.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-191715
- Published
- 2025-02-15T18:04:04Z
- Modified
- 2025-12-12T20:39:03.935717Z
- Summary
- Malicious code in dcbotoffline3 (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (80a535a6580b99aa10e80e810002076c68ae79c44c9fb17caff1f59978ebaaa7)
Starting the module runs an infostealer targeting browsers and Discord data
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-02-dcbot-online
Reasons (based on the campaign):
infostealer
exfiltration-browser-data
- Database specific
{ "iocs": { "ips": [ "178.208.187.105" ], "urls": [ "http://178.208.187.105/qweqweqwe.txt" ] }, "malicious-packages-origins": [ { "source": "kam193", "id": "pypi/2025-02-dcbot-online/dcbotoffline3", "modified_time": "2025-02-15T18:04:04Z", "sha256": "b56eb5912f4cda2916ca2e36f7646e793a752fd9c10880603ee45a270270c625", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T22:30:55.093902162Z" }, { "source": "kam193", "id": "pypi/2025-02-dcbot-online/dcbotoffline3", "modified_time": "2025-02-15T18:04:04Z", "sha256": "80a535a6580b99aa10e80e810002076c68ae79c44c9fb17caff1f59978ebaaa7", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "import_time": "2025-12-02T23:07:18.105436792Z" }, { "source": "kam193", "id": "pypi/2025-02-dcbot-online/dcbotoffline3", "modified_time": "2025-02-15T18:04:04Z", "sha256": "b35557cd7de6b266d18999130cb9d8a373d495d4fbe00ec1c34bd986fa43bd9a", "versions": [ "0.1.0", "0.2.0" ], "import_time": "2025-12-10T21:38:57.390939451Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
Affected packages
PyPI / dcbotoffline3
Package
- Name
- dcbotoffline3
- View open source insights on deps.dev
- Purl
- pkg:pypi/dcbotoffline3