-= Per source details. Do not edit below this line.=-
During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensitive files, and then waits for remote commands to execute.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-puan3
Reasons (based on the campaign):
exfiltration-generic
exfiltration-browser-data
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
rat
exfiltration-credentials
{
"iocs": {
"ips": [
"185.246.113.53"
]
},
"malicious-packages-origins": [
{
"modified_time": "2026-05-03T12:16:07.229837Z",
"source": "kam193",
"import_time": "2026-05-03T12:50:01.134320007Z",
"sha256": "531ab02814e67f81e5c82fb57b72d59c3972d0975932f6e9d00ea680040e9a13",
"id": "pypi/2026-05-puan3/puan3",
"versions": [
"0.1.0",
"0.1.1"
]
},
{
"modified_time": "2026-05-03T12:16:07.229837Z",
"source": "kam193",
"import_time": "2026-05-03T21:19:17.74121945Z",
"sha256": "d4704e51813049248eccf78133b3ccc8816cfebb30555fa2adf67e99534349d4",
"id": "pypi/2026-05-puan3/puan3",
"versions": [
"0.1.0",
"0.1.1"
]
}
]
}