-= Per source details. Do not edit below this line.=-
The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-03-cfgmgr-syn
Reasons (based on the campaign):
clipboard-stealing
obfuscation
exfiltration-generic
persistence
{
"malicious-packages-origins": [
{
"versions": [
"1.6.7",
"1.6.8",
"1.6.9"
],
"sha256": "eeb9b6975940ff31a6a0f6361fd93d8d361a3687103c94c011a6fdf510a2fdec",
"modified_time": "2026-03-24T04:31:48.545801Z",
"source": "kam193",
"id": "pypi/2026-03-cfgmgr-syn/mgrcfg",
"import_time": "2026-03-24T05:08:17.94535229Z"
},
{
"versions": [
"1.6.7",
"1.6.8",
"1.6.9"
],
"sha256": "891f9583196c3190b727faac5c6dd0e65d3977208147947e25836f3b6fc527d5",
"modified_time": "2026-03-24T04:31:48.545801Z",
"source": "kam193",
"id": "pypi/2026-03-cfgmgr-syn/mgrcfg",
"import_time": "2026-03-24T05:51:49.444021984Z"
}
],
"iocs": {
"ips": [
"204.10.194.247"
],
"urls": [
"http://204.10.194.247:8765"
]
}
}