Supply Chain Attack via New Malicious Python Package, “shaderz” (Part 2) | FortiGuard Labs
Common Information
Type Value
UUID a30e77eb-e901-4140-bc97-96ddf6af8e59
Fingerprint 84593d5fc03aec6d
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 14, 2022, 2:58 p.m.
Added to db Dec. 15, 2022, 2:41 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Supply Chain Attack via New Malicious Python Package, “shaderz” (Part 2)
Title Supply Chain Attack via New Malicious Python Package, “shaderz” (Part 2) | FortiGuard Labs
Detected Hints/Tags/Attributes 18/1/12
RSS Feed
Id Enabled Feed title Url Added to db
117 Fortinet All Blogs https://feeds.feedburner.com/fortinet/blogs 2024-08-30 22:08
122 Fortinet Threat Research Blog https://feeds.fortinet.com/fortinet/blog/threat-research 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 138
setup.py
Domain 112
cdn.discordapp.com
File 18
stub.exe
File 127
setup.py
File 25
main.exe
File 6
history.txt
File 1
sublimcreditcards.db
File 1
sublimhistory.db
File 1
sublimpasswords.db
sha256 1
d1f0583169acde756793d7d5d69afbb72331c931a88749eab14f28ecda3ef5ce
IPv4 4
34.160.111.145
Url 1
https://cdn.discordapp.com/attachments/1045000289708687390/1045158219024171169/main.exe