MAL-2024-11528
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-f9dafccc/MAL-2024-11528.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MAL-2024-11528
- Published
- 2024-08-10T23:05:21Z
- Modified
- 2025-12-31T02:56:47.266748Z
- Summary
- Malicious code in artifact-lab-3-package-f9dafccc (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (8c38a10b7ad9b95b75ed342f766c42e203bbccd220031288c7107dac87641451)
Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simple data. Pentest? An artifact from some red team curse?
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-08-lab-artifacts-revshell
Reasons (based on the campaign):
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
- Database specific
{ "malicious-packages-origins": [ { "source": "reversing-labs", "id": "RLMA-2024-10972", "versions": [ "0.2.5", "0.3.0" ], "sha256": "05c0e8de9ed50d77cf6d17c034ca116b86465c00d513c6561f893480da95cdff", "modified_time": "2024-12-09T06:49:47Z", "import_time": "2024-12-09T14:38:40.792907105Z" }, { "source": "kam193", "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-f9dafccc", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "sha256": "ef5765aa95f24c87a09f27b8a2e0e67b20af57ab7ceeea5f2f6279f79bd9fb07", "modified_time": "2024-08-10T23:05:21Z", "import_time": "2025-12-02T22:30:54.939332802Z" }, { "source": "kam193", "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-f9dafccc", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "sha256": "8c38a10b7ad9b95b75ed342f766c42e203bbccd220031288c7107dac87641451", "modified_time": "2024-08-10T23:05:21Z", "import_time": "2025-12-02T23:07:17.978566781Z" }, { "source": "kam193", "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-f9dafccc", "versions": [ "0.3.0", "0.2.0", "0.2.5" ], "sha256": "bde09c82e0c469f34cb5da0345449db0a0bd3dedeaaf2643475a2e406ec3cb3b", "modified_time": "2024-08-10T23:05:21Z", "import_time": "2025-12-10T21:38:57.283920157Z" }, { "source": "kam193", "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-f9dafccc", "versions": [ "0.2.0", "0.2.5", "0.3.0" ], "sha256": "bbf26ef64b7c4dd5684ba70318cbe536010ae7871052d1e288e735bccf098fd3", "modified_time": "2024-08-10T23:05:21Z", "import_time": "2025-12-30T22:39:04.040409436Z" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / artifact-lab-3-package-f9dafccc
Package
- Name
- artifact-lab-3-package-f9dafccc
- View open source insights on deps.dev
- Purl
- pkg:pypi/artifact-lab-3-package-f9dafccc