-= Per source details. Do not edit below this line.=-
If run as module, it attempts to automatically destroy user's and system's files. Some versions also exfiltrate them.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-07-hahabott
Reasons (based on the campaign):
files-exfiltration
destructive-actions
{
"malicious-packages-origins": [
{
"sha256": "4e54f2e63a559a138a6ad08357607009c1725de084e8a406a268d67b1ca3e99b",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2025-07-19T22:11:31.498312Z",
"source": "kam193",
"id": "pypi/2025-07-hahabott/hahabott",
"import_time": "2025-12-02T22:30:55.23296349Z"
},
{
"sha256": "89ed03d9e80d4ef62c54087a12177f795e478b1b5e5a8af69ef4e4740e102186",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2025-07-19T22:11:31.498312Z",
"source": "kam193",
"id": "pypi/2025-07-hahabott/hahabott",
"import_time": "2025-12-02T23:07:18.254434609Z"
},
{
"versions": [
"1.20.1",
"1.20.6",
"1.20.7",
"1.20.8",
"1.20.9",
"1.29.1",
"1.29.3"
],
"sha256": "7b41adec259822ebbf3bceb10f2898f8ec0b31fdf7505dea7efea4e2371c3e71",
"modified_time": "2025-07-19T22:11:31.498312Z",
"source": "kam193",
"id": "pypi/2025-07-hahabott/hahabott",
"import_time": "2025-12-10T21:38:57.518129102Z"
}
]
}