Malicious Package

Overview plutos is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Discord...

Malicious Package

Overview rbxtools is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Discor...

Malicious Package

Overview testpipper is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a...

Malicious Package

Overview pippytest is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Disco...

Malicious Package

Overview rbxtool is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Discord...

Malicious Package

Overview hackerfilelol is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a...

Malicious Package

Overview stealthpy is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Disco...

Malicious Package

Overview cyphers is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Discord...

SillyRAT - A Cross Platform Multifunctional (Windows/Linux/Mac) RAT

A Cross Platform multifunctional Windows/Linux/Mac RAT. Getting Started Description A cross platform RAT written in pure Python. The RAT accept commands alongside arguments to either perform as the server who accepts connections or to perform as the client/target who establish connections to the...

SharpML - Machine Learning Network Share Password Hunting Toolkit

SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C. The tool is discussed in more detail on our blog here, but is summarised below also: SharpML is C and Python based tool that performs a number of operations with a view to mining file shares, queryin...

New Malware Targets Windows Subsystem for Linux to Evade Detection

A number of malicious samples have been created for the Windows Subsystem for Linux WSL with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft"...

MacOS Targeted in WildPressure APT Malware Campaign

Threat actors known as WildPressure have added a macOS malware variant to their latest campaign targeting energy sector businesses, while enlisting compromised WordPress websites to carry out attacks. Novel malware, initially identified in March 2020 and dubbed Milum, has now been retooled with a...

WildPressure targets the macOS platform

New findings Our previous story regarding WildPressure was dedicated to their campaign against industrial-related targets in the Middle East. By keeping track of their malware in spring 2021, we were able to find a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant...

New Windows Trojan Steals Browser Credentials, Outlook Files

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities– from collecting browser credentials to targeting Outlook files. The trojan, called PyMicropsia due to it being built with Python has been...

Pytmipe - Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows

PYTMIPE PYthon library for Token Manipulation and Impersonation for Privilege Escalation is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the python 3 client which uses the pytmipe library. Content A python...

Exploit for CVE-2017-0144

This is a PoC exploit for CVE-2017-0144, a remote code execution vulnerability in Windows. The exploit targets Windows 2000 and later versions. It does not require Python installation, as it is built with Pyinstaller. The exploit implements a few options, such as username/password specification a...

DiscordRAT - Discord Remote Administration Tool Fully Written In Python

Discord Remote Administration Tool fully written in Python3. This is a RAT controlled over Discord with over 20 post exploitation modules. Disclaimer: This tool is for educational use only, the author will not be held responsible for any misuse of this tool. This is my first project on github as...

DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes

What is a ransomware? A ransomware is malware that encrypts all your files and shows a ransom request, which tells you to pay a set amount, usually in bitcoins BTC, in a set time to decrypt your files, or he will delete your files. How it works? First, the script checks if it's in a sandbox,...

PythonAESObfuscate - Obfuscates A Python Script And The Accompanying Shellcode

Pythonic way to load shellcode. Builds an EXE for you too! Usage Place a payload.bin raw shellcode file in the same directory. Default Architecture is x86 run python obfuscate.py Default output is out.py Requirements Windows Python 2.7 Pyinstaller PyCrypto PyCryptodome didn't seem to work Downloa...

Exploit for Execution with Unnecessary Privileges in Pyinstaller

PyInstallerPriv...