VDB

GCVE-110-OSM-2026-182

GCVE-110-OSM-2026-182
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published May 14, 2026
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code. [osmalyze-auto] Entrypoint: src/natazx/natazx.py (console-script: natazx=natazx:main) Exfil: http://gajuiica:wo29gu5sa2sh@31.59.20.176:6754/ (custom-c2, recovery: plaintext in src/natazx/natazx.py) Payload: src/natazx/natazx.py Key findings: - Shell Command Execution in src/natazx/natazx.py: "os.system(" - Data Encoding for Exfiltration in src/natazx/natazx.py: "base64.b64encode(" - Silent Process Execution in src/natazx/natazx.py: "stdout=subprocess.DEVNULL" - Brand New Package IOCs: - ipv4: 1.1.1.1, 1.0.0.1, 31.59.20.176, 92.113.242.158, 198.23.239.134 (+2 more) - ipv6: 1:: - urls: http://gajuiica:wo29gu5sa2sh@31.59.20.176:6754/, http://gajuiica:wo29gu5sa2sh@92.113.242.158:6742/, http://gajuiica:wo29gu5sa2sh@198.23.239.134:6540/, http://gajuiica:wo29gu5sa2sh@45.38.107.97:6014/, http://gajuiica:wo29gu5sa2sh@107.172.163.27:6543/ (+8 more) - domains: 100067.connect.garena.com, loginbp.common.ggbluefox.com, loginbp.ggblueshark.com - sha256Hashes: afcfbf13334be42036e4f742c80b956344bed760ac91b3aff9b607a610ab4390 - payloadFileHash: 4fca6cfaa136cc73465599bdf2e26896db44d826d85f3252c8038c388b340368

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownkustoall (affected)
unknownbotboosterall (affected), all (affected), all (affected), all (affected)
unknownnatazxall (affected)
unknownheimdal-credentialsall (affected), all (affected), all (affected), all (affected), all (affected), all (affected), * (affected)
unknownjwrincidentall (affected), all (affected), all (affected), all (affected)

References

advisory
vendor
advisory
vendor
advisory
vendor
advisory
vendor
vendor

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›