{"id":"MAL-2025-48896","summary":"Malicious code in regixtest (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (5bd4402c3382436a949c662f36088697ac7a3a0fd22e2c91fdf2102231e2392c)\nObfuscated code contains e.g. capabilities for downloading and executing code from a hardcoded location. It's also recognized as malware\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-10-regixtest\n\n\nReasons (based on the campaign):\n\n\n - obfuscation\n\n\n - action-hidden-in-lib-usage\n\n\n - Downloads and executes a remote malicious script.\n\n\n - malware\n","modified":"2026-03-19T12:56:16.318482Z","published":"2025-10-01T06:38:19Z","database_specific":{"iocs":{"domains":["cxojh-118-179-99-2.a.free.pinggy.link","xnrij-118-179-99-2.a.free.pinggy.link"]},"malicious-packages-origins":[{"modified_time":"2025-10-23T19:17:02Z","versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4"],"id":"RLMA-2025-05215","source":"reversing-labs","import_time":"2025-10-27T18:08:49.989937872Z","sha256":"be8183115c7e3df98800c36287295b44e30a6457baf95f4324af022bbf5d47e4"},{"modified_time":"2025-10-01T06:38:19.337263Z","versions":["0.1.4","0.1.3","0.1.2","0.1.1","0.1.0"],"id":"pypi/2025-10-regixtest/regixtest","source":"kam193","import_time":"2025-12-02T22:30:55.524782136Z","sha256":"eb1666d5e5f9c7c5bb2bfbaf1c95f07ad154bfe1596127f62da8b8349107a5db"},{"modified_time":"2025-10-01T06:38:19.337263Z","versions":["0.1.4","0.1.3","0.1.2","0.1.1","0.1.0"],"id":"pypi/2025-10-regixtest/regixtest","source":"kam193","import_time":"2025-12-02T23:07:18.561615122Z","sha256":"5bd4402c3382436a949c662f36088697ac7a3a0fd22e2c91fdf2102231e2392c"},{"modified_time":"2025-10-01T06:38:19.337263Z","versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4"],"id":"pypi/2025-10-regixtest/regixtest","source":"kam193","import_time":"2025-12-30T22:39:04.155656594Z","sha256":"6f5d3e60ec1b5684e600480df0fd6dee11c8a0d6ed4985ef10705d9154951fb8"},{"modified_time":"2026-03-18T12:18:04Z","id":"RLUA-2026-00692","source":"reversing-labs","import_time":"2026-03-19T12:20:21.174173618Z","sha256":"4f2344312262cff9d61a447d9fd8f490873d82951334be092c5750463c15e19e"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/regixtest"}],"affected":[{"package":{"name":"regixtest","ecosystem":"PyPI","purl":"pkg:pypi/regixtest"},"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/regixtest/MAL-2025-48896.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}