← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Typosquatting Campaign Targets Python Developers
WHITE CyberHunter_NL 2024-04-02 Modified: 2024-04-02
10
IOCs
LOW VOLUME
As part of Phylum’s annual security review, we take a look at the latest typosquat attacks targeting Python developers and how they might be used to target their own code.
researchpypimarchpythonphylumpytorchbackgroundfirstinsanepackageinsanepublicationbeautifulsoup26virustotaltyposquattingzgrat
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Typosquatting zgRAT
Indicators of Compromise (10)
All URL domain email
TYPEINDICATORDESCRIPTIONCREATED
URL https://funcaptcha.ru/app.asar 2024-04-02
URL https://funcaptcha.ru/atomic/app.asar 2024-04-02
URL https://funcaptcha.ru/delivery 2024-04-02
URL https://funcaptcha.ru/hvnc.py 2024-04-02
URL https://funcaptcha.ru/paste2?package=insanepackagev1414' 2024-04-02
domain funcaptcha.ru 2024-04-02
domain install.run 2024-04-02
domain requests.post 2024-04-02
domain subprocess.run 2024-04-02
email nig@gruppe.ru 2024-04-02
References (1)
↗ https://blog.phylum.io/typosquatting-campaign-targets-python-developers/