-= Per source details. Do not edit below this line.=-
Code in setup.py attempts to silently download and execute an executable. The file contains a malware
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-02-requests-x64
Reasons (based on the campaign):
{
"iocs": {
"urls": [
"https://send.tresorit.com/a#oPaBw2_7GrteEiXwSSI29g"
]
},
"malicious-packages-origins": [
{
"versions": [
"2.0.0"
],
"id": "RLMA-2025-01235",
"modified_time": "2025-03-03T13:45:15Z",
"import_time": "2025-03-03T15:07:17.073589879Z",
"sha256": "f127b68d650d7dc2e2142f0f4d07a799060c9bdb649b87317a15b2f071316ee7",
"source": "reversing-labs"
},
{
"id": "pypi/2025-02-requests-x64/requests-x64",
"modified_time": "2025-02-04T17:58:19Z",
"import_time": "2025-12-02T22:30:55.538875184Z",
"sha256": "b61dd802c58f2577835c7848f5dd2977e05737aed2c00ccc9bd73c6003971140",
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"source": "kam193"
},
{
"id": "pypi/2025-02-requests-x64/requests-x64",
"modified_time": "2025-02-04T17:58:19Z",
"import_time": "2025-12-02T23:07:18.577433121Z",
"sha256": "996690f6aae3ce7456b45309072e2b12f5afda24b2f58e7f66b004c1f2b99872",
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"source": "kam193"
},
{
"versions": [
"2.0.0"
],
"id": "pypi/2025-02-requests-x64/requests-x64",
"modified_time": "2025-02-04T17:58:19Z",
"import_time": "2025-12-10T21:38:57.785614936Z",
"sha256": "16987150630b3870a214ee45dd7d75b168c3597d79d092549b4f418ea08553aa",
"source": "kam193"
},
{
"id": "RLUA-2026-00708",
"modified_time": "2026-03-18T12:18:14Z",
"import_time": "2026-03-19T12:20:22.753702933Z",
"sha256": "055be74d01199b570cb1f9f875f9e3409ed8cfd35ff6fc0b5ff1bb09f30f7493",
"source": "reversing-labs"
}
]
}