-= Per source details. Do not edit below this line.=-
Installing packages exfiltrates data (different in different packages and versions) or run revshells
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-08-learning-pypi-demo-nisimi
Reasons (based on the campaign):
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
exfiltration-generic
{
"iocs": {
"domains": [
"evduuu5l01di1hdn9i5qslhxzo5ft6ju8.oastify.com",
"xz0dyd944kh150h6d199w4lg379yx0lp.oastify.com",
"v95b8bj2eirzfyr4nzj762ved5jw71vq.oastify.com"
]
},
"malicious-packages-origins": [
{
"source": "reversing-labs",
"id": "RLMA-2025-04745",
"modified_time": "2025-09-26T09:13:44Z",
"sha256": "fdf85e89ad8e719ea161ef629b069744f958239bc89f4b0131ecd641a7fe37d7",
"versions": [
"0.1.0",
"0.1.1",
"0.1.2",
"0.1.3",
"0.1.4",
"0.1.5",
"0.1.6"
],
"import_time": "2025-09-26T11:05:31.210259668Z"
},
{
"source": "kam193",
"id": "pypi/2025-08-learning-pypi-demo-nisimi/awesome-tools-collection",
"modified_time": "2025-09-03T15:57:26.910464Z",
"sha256": "88262de451d7eb0b85f040386be49fbed3622a503eed18d3e2af1d8d91921afd",
"versions": [
"0.1.5",
"0.1.4",
"0.1.3",
"0.1.2",
"0.1.1",
"0.1.0",
"0.1.2",
"0.1.4",
"0.1.5",
"0.1.6"
],
"import_time": "2025-12-02T22:30:54.958411806Z"
},
{
"source": "kam193",
"id": "pypi/2025-08-learning-pypi-demo-nisimi/awesome-tools-collection",
"modified_time": "2025-09-03T15:57:26.910464Z",
"sha256": "1b8c27c2c5512bcb412c63a9e5ab3a392cb21f8ff51f281d8e7ac73a08929abb",
"versions": [
"0.1.5",
"0.1.4",
"0.1.3",
"0.1.2",
"0.1.1",
"0.1.0",
"0.1.2",
"0.1.4",
"0.1.5",
"0.1.6"
],
"import_time": "2025-12-02T23:07:17.998755429Z"
},
{
"source": "kam193",
"id": "pypi/2025-08-learning-pypi-demo-nisimi/awesome-tools-collection",
"modified_time": "2025-09-03T15:57:26.910464Z",
"sha256": "35787e4b8050da40f613d4d0741f82f0793388b360393758954c6ae6f0d406d3",
"versions": [
"0.1.0",
"0.1.1",
"0.1.2",
"0.1.2",
"0.1.3",
"0.1.4",
"0.1.4",
"0.1.5",
"0.1.5",
"0.1.6"
],
"import_time": "2025-12-30T22:39:04.043480333Z"
},
{
"source": "reversing-labs",
"id": "RLUA-2026-00126",
"modified_time": "2026-03-18T12:11:41Z",
"sha256": "506219c146fcc0f77e004675ffc2d6aae316ea1f3514eda6223ce74de6aade34",
"import_time": "2026-03-19T12:19:27.76689798Z"
}
]
}