-= Per source details. Do not edit below this line.=-
Installing packages exfiltrates data (different in different packages and versions) or run revshells
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-08-learning-pypi-demo-nisimi
Reasons (based on the campaign):
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
exfiltration-generic
{
"malicious-packages-origins": [
{
"versions": [
"0.1.9"
],
"sha256": "9817d866e7e316858f4b8ed64bf2a4ddec5e63ec8b150f3a541148826ee87491",
"modified_time": "2025-09-03T19:28:44.053195Z",
"source": "kam193",
"id": "pypi/2025-08-learning-pypi-demo-nisimi/python-dev-toolkit",
"import_time": "2025-12-02T22:30:55.491123044Z"
},
{
"versions": [
"0.1.9"
],
"sha256": "3e8bbf18a10505977ab19adc6dd13d15e1c7df3c69391e1c930289b953619549",
"modified_time": "2025-09-03T19:28:44.053195Z",
"source": "kam193",
"id": "pypi/2025-08-learning-pypi-demo-nisimi/python-dev-toolkit",
"import_time": "2025-12-02T23:07:18.516254956Z"
}
],
"iocs": {
"domains": [
"evduuu5l01di1hdn9i5qslhxzo5ft6ju8.oastify.com",
"xz0dyd944kh150h6d199w4lg379yx0lp.oastify.com",
"v95b8bj2eirzfyr4nzj762ved5jw71vq.oastify.com"
]
}
}