-= Per source details. Do not edit below this line.=-
Installing the package starts a reverse shell
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-02-dns-execution-test
Reasons (based on the campaign):
{
"iocs": {
"ips": [
"195.177.94.161"
]
},
"malicious-packages-origins": [
{
"versions": [
"1.1.2"
],
"id": "pypi/2026-02-dns-execution-test/dns-execution-test",
"modified_time": "2026-02-15T23:20:54.555201Z",
"import_time": "2026-02-15T23:41:59.792118745Z",
"sha256": "4fc1fd65caa9c7f199fba16c9d3772c7db895ed78b29130a7ddc3347a4b34ba7",
"source": "kam193"
},
{
"versions": [
"1.1.2",
"1.1.3"
],
"id": "pypi/2026-02-dns-execution-test/dns-execution-test",
"modified_time": "2026-02-17T11:02:15.998196Z",
"import_time": "2026-02-17T11:46:59.221031138Z",
"sha256": "792075bf8d9fb7a18844fb778d55744df6614875961aa53568f16a22bdbeea2f",
"source": "kam193"
}
]
}