PkgRadar

Campaign · active

Repeated static TTP

Correlated evidence: py_runtime_base64_decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

1778 releases · 365 max score · 90 confidence

First seen 2026-05-26 · last seen 2026-06-03

Member releases

Timeline

Date (UTC)  Event
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign
2026-06-03  expanded_campaign

PkgRadar groups releases that share payloads, hashes, or publishers into campaigns and blocks them at the CI gate.