PkgRadar

Campaign · stale

Repeated static TTP

Correlated evidence: `js_hidden_powershell`: hidden / non-interactive PowerShell invocation in package code, typically `-windowstyle hidden`, `irm | iex`, or `windowshide: true`, used to download and run payloads on Windows installers.

10 releases · 102 max score · 90 confidence

First seen 2026-05-27 · last seen 2026-05-27

Member releases

Timeline

| Date (UTC) | Event |
|---|---|
| 2026-05-27 | stale_campaign |
| 2026-05-27 | score_increased |
| 2026-05-27 | expanded_campaign |
| 2026-05-27 | score_increased |
| 2026-05-27 | expanded_campaign |
| 2026-05-27 | expanded_campaign |
| 2026-05-27 | expanded_campaign |
| 2026-05-27 | expanded_campaign |
| 2026-05-27 | expanded_campaign |
| 2026-05-27 | new_campaign |

PkgRadar groups releases that share payloads, hashes, or publishers into campaigns and blocks them at the CI gate.
