MAL-2024-10541

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-736f752d/MAL-2024-10541.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-10541
Published
2024-08-10T23:05:21Z
Modified
2025-12-12T20:40:42.231718Z
Summary
Malicious code in artifact-lab-3-package-736f752d (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (dfb249857a1fcf0c79636d8692dc8b148d847336022dbe6f4ab558f6f5c2f97f)

Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simple data. Pentest? An artifact from some red team curse?

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-lab-artifacts-revshell

Reasons (based on the campaign):

  • The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Source: ossf-package-analysis (af3f7688132b6b9f4516d3ba60dff758a89f1a24357a1fee3d891758acac385d)

The OpenSSF Package Analysis project identified 'artifact-lab-3-package-736f752d' @ 0.1.2 (pypi) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-11-09T20:45:55Z",
            "import_time": "2024-11-09T21:04:55.817842118Z",
            "versions": [
                "0.1.2"
            ],
            "source": "ossf-package-analysis",
            "sha256": "af3f7688132b6b9f4516d3ba60dff758a89f1a24357a1fee3d891758acac385d"
        },
        {
            "modified_time": "2024-08-10T23:05:21Z",
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-736f752d",
            "import_time": "2025-12-02T22:30:54.925157325Z",
            "source": "kam193",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "d4da56f540937f93fe5ed06d33bb06e36c4716391883d106904dfc44ae82030c"
        },
        {
            "modified_time": "2024-08-10T23:05:21Z",
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-736f752d",
            "import_time": "2025-12-02T23:07:17.96525035Z",
            "source": "kam193",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "sha256": "dfb249857a1fcf0c79636d8692dc8b148d847336022dbe6f4ab558f6f5c2f97f"
        },
        {
            "modified_time": "2024-08-10T23:05:21Z",
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-736f752d",
            "import_time": "2025-12-10T21:38:57.269581317Z",
            "versions": [
                "0.1.1",
                "0.1.2",
                "0.1.3",
                "0.1.4"
            ],
            "source": "kam193",
            "sha256": "578195b3a8c390f043e7bec8cb2300f758bb3988a062038ffb23c2af4ed34dda"
        }
    ]
}
References
Credits

Affected packages

PyPI / artifact-lab-3-package-736f752d

Package

Name
artifact-lab-3-package-736f752d
View open source insights on deps.dev
Purl
pkg:pypi/artifact-lab-3-package-736f752d

Affected ranges

Affected versions

0.*

0.1.1
0.1.2
0.1.3
0.1.4

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-736f752d/MAL-2024-10541.json"