-= Per source details. Do not edit below this line.=-
Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the malicious code is now a little more hidden in the functionality and starts after presenting some allegedly expected activity
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-02-tiksing
Reasons (based on the campaign):
Downloads and executes a remote executable.
obfuscation
malware
{
"iocs": {
"domains": [
"kuruptd.ink"
],
"urls": [
"https://kuruptd.ink/fiaegjnkaegjhiageaij0geajb8387r5315gvvassdgvaknldv7at6.php",
"https://shorturl.at/pL5qZ"
],
"ips": [
"185.118.79.24"
]
},
"malicious-packages-origins": [
{
"id": "pypi/2025-02-tiksing/singtok",
"modified_time": "2025-02-18T20:50:57Z",
"import_time": "2025-12-02T22:30:55.575728951Z",
"sha256": "3334e722f7b75e431c3c41f9daaf95f192a005354093f7fb4d7b0edae8d613c0",
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"source": "kam193"
},
{
"id": "pypi/2025-02-tiksing/singtok",
"modified_time": "2025-02-18T20:50:57Z",
"import_time": "2025-12-02T23:07:18.617618118Z",
"sha256": "20dad294eb5c742d0044f1dde01f51646f0b34a86a7cb86c84547981276f46ce",
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"source": "kam193"
},
{
"versions": [
"0.0.3",
"0.0.1",
"0.0.4"
],
"id": "pypi/2025-02-tiksing/singtok",
"modified_time": "2025-02-18T20:50:57Z",
"import_time": "2025-12-10T21:38:57.816693341Z",
"sha256": "d4549fba2358242661530a53506fbd15808f05271ae18b1b1a296f6ceecdd30f",
"source": "kam193"
},
{
"versions": [
"0.0.1",
"0.0.3",
"0.0.4"
],
"id": "pypi/2025-02-tiksing/singtok",
"modified_time": "2025-02-18T20:50:57Z",
"import_time": "2025-12-30T22:39:04.177033669Z",
"sha256": "94f31de9f6e4db4aac73ff160fac8e40c47cf5f333f26aa37fb2a7278911a154",
"source": "kam193"
}
]
}