Pulse: New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
TLP: WHITE | Enterprise Strategy | Author: dekaRituraj | Created: 2024-02-20 | Modified: 2024-02-20
17 IOCs, medium volume
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that leveraged a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttper, were downloaded 537 and 166 times, respectively, before they were taken down.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Cobalt Strike
Indicators of Compromise (17)
TYPE          | INDICATOR                                                          | DESCRIPTION | CREATED
FileHash-MD5  | e3214c81339540a3804fca656f5aea7d                                   |             | 2024-02-20
FileHash-SHA1 | 1f9fcf86a56394a7267d85ba76c1256d12e3e76b                           |             | 2024-02-20
FileHash-SHA1 | 1fc236e94b54d3ddc4b2afb8d44a19abd7cf0dd4                           |             | 2024-02-20
FileHash-SHA1 | 2dc80f45540d0a3ea33830848fcf529f98ea2f5e                           |             | 2024-02-20
FileHash-SHA1 | 575bcc28998ad388c2ad2c2ebc74ba583f5c0065                           |             | 2024-02-20
FileHash-SHA1 | 73ece3d738777e791035e9c0c94bf4931baf3e3a                           |             | 2024-02-20
FileHash-SHA1 | 84c75536b279a85a5320f058514b884a016bc8c8                           |             | 2024-02-20
FileHash-SHA1 | a1bb4531ce800515afa1357b633c73c27fa305cf                           |             | 2024-02-20
FileHash-SHA1 | a65bce340366f724d444978dcdcd877fa2cacb1c                           |             | 2024-02-20
FileHash-SHA1 | dfc8afe5cb7377380908064551c9555719fd28e3                           |             | 2024-02-20
FileHash-SHA1 | e3a7098e3352fdbb5ff5991e9e10dcf3b43b1b86                           |             | 2024-02-20
URL           | https://cdn.0c.sk/1101012.zip                                      |             | 2024-02-20
URL           | https://cdn.0c.sk/1101012.zip.                                     |             | 2024-02-20
URL           | https://fus.rngupdatem.buzz                                        |             | 2024-02-20
URL           | https://us.archive-ubuntu.top/components/an.gif?type=lastest       |             | 2024-02-20
hostname      | fus.rngupdatem.buzz                                                |             | 2024-02-20
hostname      | us.archive-ubuntu.top                                              |             | 2024-02-20