Campaign · active

Repeated static TTP

Correlated evidence: py_install_time_base64_decode:base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

77 releases255 max score81 confidence

First seen 2026-06-15 · last seen 2026-06-15

Member releases

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

Timeline

Date (UTC)	Event
2026-06-15	new_campaign

PkgRadar groups releases that share payloads, hashes, or publishers into campaigns and blocks them at the CI gate. Start free or see all live campaigns.