-= Per source details. Do not edit below this line.=-
During installation, the package starts a reverse shell
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-02-jwrincident
Reasons (based on the campaign):
{
"iocs": {
"ips": [
"108.143.253.126"
]
},
"malicious-packages-origins": [
{
"source": "kam193",
"sha256": "ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd",
"modified_time": "2026-02-28T22:36:00.920296Z",
"import_time": "2026-02-28T23:07:54.234566036Z",
"id": "pypi/2026-02-jwrincident/jwrincident",
"versions": [
"1.0.0",
"1.0.1"
]
},
{
"source": "kam193",
"sha256": "78e732c16fbbb5798102806ede4462a9ad40104cc38a1720c7cd935ba6851a28",
"modified_time": "2026-02-28T22:36:00.920296Z",
"import_time": "2026-03-08T19:39:06.418374901Z",
"id": "pypi/2026-02-jwrincident/jwrincident",
"versions": [
"1.0.0",
"1.0.1"
]
},
{
"source": "reversing-labs",
"sha256": "c72906d78ba1d442924b92561bc44e46dfe10ec5bc71be978cad329c5d508d2c",
"modified_time": "2026-03-18T12:15:18Z",
"import_time": "2026-03-19T12:18:18.246000609Z",
"id": "RLMA-2026-00446",
"versions": [
"1.0.0",
"1.0.1"
]
}
]
}