Malicious PyPi User Strikes Again with Typosquatting, StarJacking and Unpacks Tailor-made Malware written in C#
Common Information
Type | Value
UUID | 3d05d143-2b88-43b3-a4ae-1382be228ac6
Fingerprint | afb1120d28f00703
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Aug. 17, 2022, 2:27 p.m.
Added to db | June 5, 2023, 10:30 a.m.
Last updated | Dec. 20, 2024, 8 p.m.
Headline | Malicious PyPi User Strikes Again with Typosquatting, StarJacking and Unpacks Tailor-made Malware written in C#
Title | Malicious PyPi User Strikes Again with Typosquatting, StarJacking and Unpacks Tailor-made Malware written in C#
Detected Hints/Tags/Attributes | 37/2/12
RSS Feed
Id | Enabled | Feed title | Url | Added to db
82 | | Checkmarx | https://checkmarx.com/feed/ | 2024-08-30 22:08
Attributes
Type | #Events | CTI | Value
Domain | 144 | | setup.py
Domain | 4 | | ipwho.is
File | 132 | | setup.py
File | 4 | | c:\windows\syswow64\schtasks.exe
File | 1 | | c:\programdata\microsoft\microsoftassisant.exe
sha256 | 1 | | a5a0891067218690a6986cd19c646758ee51eef48b4e904b8f46394d61a629b6
sha256 | 1 | | 732f681ccabb45d421f0b944528dfab5fcc089c928c7c5db06472b09fc545b04
sha256 | 1 | | 8f66b15dee0ca1e24ee932749206ee3a374c467f6bf4932edf046d6f57472709
sha256 | 1 | | 6599d5499c518c8651b0fd9a11ff0798e3101ff2bc21560355d9257d5859c537
IPv4 | 1 | | 77.73.134.3
Url | 1 | | http://ipwho.is
Url | 1 | | http://77.73.134.3:8080/api/v2/getprofilepicture