-= Per source details. Do not edit below this line.=-
The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-solana-wallet-sdk
Reasons (based on the campaign):
files-exfiltration
crypto-related
exfiltration-crypto
{
"iocs": {
"urls": [
"http://46.225.21.180:3000/api/narrative-accounts"
],
"ips": [
"46.225.21.180"
]
},
"malicious-packages-origins": [
{
"id": "pypi/2026-05-solana-wallet-sdk/eth-toolkit",
"source": "kam193",
"import_time": "2026-05-08T08:37:58.66702667Z",
"sha256": "e5895b0a95cf86acc67f21e61b55a0718a073fd06657523b47550532153ed546",
"versions": [
"1.0.0"
],
"modified_time": "2026-05-08T07:27:58.845299Z"
}
]
}