-= Per source details. Do not edit below this line.=-
Once run, package downloads and installs an infostealer
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-11-discord-selfsbotsx
Reasons (based on the campaign):
Downloads and executes a remote executable.
infostealer
malware
peristence-autorun
{
"iocs": {
"urls": [
"https://pastebin.com/raw/HvFhs7zk",
"http://212.80.7.213:20578"
],
"ips": [
"212.80.7.213"
]
},
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"id": "pypi/2025-11-discord-selfsbotsx/multithreadedexecution",
"modified_time": "2025-11-30T23:59:28.937561Z",
"import_time": "2025-12-02T22:30:55.348568446Z",
"sha256": "5af5a526d3255cf6c76e0490269ba46e56c0944a8f7c761e63ee801f07ffd1d0",
"source": "kam193"
},
{
"versions": [
"1.0.0"
],
"id": "pypi/2025-11-discord-selfsbotsx/multithreadedexecution",
"modified_time": "2025-11-30T23:59:28.937561Z",
"import_time": "2025-12-02T23:07:18.378996293Z",
"sha256": "3248950b032e1381ddc79d43dfdba8fb6dccce4b1afafd5825e560d793b3bd09",
"source": "kam193"
}
]
}