VDB
GCVE-110-OSM-2026-182
GCVE-110-OSM-2026-182
Advisory PublishedCVSS 8.8/10
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code.
[osmalyze-auto] Entrypoint: src/natazx/natazx.py (console-script: natazx=natazx:main)
Exfil: http://gajuiica:wo29gu5sa2sh@31.59.20.176:6754/ (custom-c2, recovery: plaintext in src/natazx/natazx.py)
Payload: src/natazx/natazx.py
Key findings:
- Shell Command Execution in src/natazx/natazx.py: "os.system("
- Data Encoding for Exfiltration in src/natazx/natazx.py: "base64.b64encode("
- Silent Process Execution in src/natazx/natazx.py: "stdout=subprocess.DEVNULL"
- Brand New Package
IOCs:
- ipv4: 1.1.1.1, 1.0.0.1, 31.59.20.176, 92.113.242.158, 198.23.239.134 (+2 more)
- ipv6: 1::
- urls: http://gajuiica:wo29gu5sa2sh@31.59.20.176:6754/, http://gajuiica:wo29gu5sa2sh@92.113.242.158:6742/, http://gajuiica:wo29gu5sa2sh@198.23.239.134:6540/, http://gajuiica:wo29gu5sa2sh@45.38.107.97:6014/, http://gajuiica:wo29gu5sa2sh@107.172.163.27:6543/ (+8 more)
- domains: 100067.connect.garena.com, loginbp.common.ggbluefox.com, loginbp.ggblueshark.com
- sha256Hashes: afcfbf13334be42036e4f742c80b956344bed760ac91b3aff9b607a610ab4390
- payloadFileHash: 4fca6cfaa136cc73465599bdf2e26896db44d826d85f3252c8038c388b340368
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | kusto | all (affected) | — |
| unknown | botbooster | all (affected), all (affected), all (affected), all (affected) | — |
| unknown | natazx | all (affected) | — |
| unknown | heimdal-credentials | all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), * (affected) | — |
| unknown | jwrincident | all (affected), all (affected), all (affected), all (affected) | — |
References
Malicious pypi package: jwrincident
advisory
Malicious pypi package: botbooster
advisory
Malicious pypi package: kusto
advisory
Malicious pypi package: natazx
advisory
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.