MAL-2024-8044

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-2b6a4744/MAL-2024-8044.json

JSON Data

https://api.test.osv.dev/v1/vulns/MAL-2024-8044

Published

2024-08-10T23:05:21Z

Modified

2025-12-12T20:40:33.329745Z

Summary

Malicious code in artifact-lab-3-package-2b6a4744 (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (0c03451c46b9f1a6e1a2ad4df4b3919782e86a4879fa78b7967ae7ec3e694645)

Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simple data. Pentest? An artifact from some red team curse?

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-lab-artifacts-revshell

Reasons (based on the campaign):

The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.

Source: ossf-package-analysis (9b971d40eca1cceb8d27177313771f0e256bd017027471a0b6cbddebd9ed0687)

The OpenSSF Package Analysis project identified 'artifact-lab-3-package-2b6a4744' @ 0.3.1 (pypi) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-08-27T15:25:47Z",
            "source": "ossf-package-analysis",
            "sha256": "9b971d40eca1cceb8d27177313771f0e256bd017027471a0b6cbddebd9ed0687",
            "versions": [
                "0.3.1"
            ],
            "import_time": "2024-08-27T15:34:13.231494818Z"
        },
        {
            "modified_time": "2024-08-27T15:33:15Z",
            "source": "ossf-package-analysis",
            "sha256": "a6294573a4b592f105492275dd21bdca52de1b6d59415f62196661552dd70cb5",
            "versions": [
                "0.3.2"
            ],
            "import_time": "2024-08-27T15:34:13.320298554Z"
        },
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-2b6a4744",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2024-08-10T23:05:21Z",
            "source": "kam193",
            "sha256": "c42a6021135e58bd2d38611b42736f3085582d51bfba66c76583593b798b77a9",
            "import_time": "2025-12-02T22:30:54.918177801Z"
        },
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-2b6a4744",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2024-08-10T23:05:21Z",
            "source": "kam193",
            "sha256": "0c03451c46b9f1a6e1a2ad4df4b3919782e86a4879fa78b7967ae7ec3e694645",
            "import_time": "2025-12-02T23:07:17.958854618Z"
        },
        {
            "id": "pypi/2024-08-lab-artifacts-revshell/artifact-lab-3-package-2b6a4744",
            "modified_time": "2024-08-10T23:05:21Z",
            "source": "kam193",
            "sha256": "bbde1f7b0bcb8d3f3aee469b17277097f08fd0c76f679eb18c0a2510e9b5e2bc",
            "versions": [
                "0.1.1",
                "0.2.0",
                "0.3.0",
                "0.3.2",
                "2.0.0",
                "0.3.1"
            ],
            "import_time": "2025-12-10T21:38:57.262224342Z"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/artifact-lab-3-package-2b6a4744

Credits

- Kamil Mańkowski (kam193)
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/
- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

PyPI / artifact-lab-3-package-2b6a4744

Package

Name: artifact-lab-3-package-2b6a4744; View open source insights on deps.dev
Purl: pkg:pypi/artifact-lab-3-package-2b6a4744

Affected ranges

Affected versions

0.*

0.1.1

0.2.0

0.3.0

0.3.1

0.3.2

2.*

2.0.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/artifact-lab-3-package-2b6a4744/MAL-2024-8044.json"