Threat actor Banana Squad exploits GitHub repos in new campaign
Banana Squad, a threat actor first identified in 2023, has launched a new campaign targeting GitHub repositories. The group has created over 60 trojanized repositories masquerading as hacking tools written in Python. These malicious repositories contain hundreds of trojanized Python files that utilize encoding and encryption techniques to hide backdoor code. The campaign primarily uses the domain dieserbenni[.]ru, with a new domain 1312services[.]ru detected recently. The trojanized repositories exploit GitHub's UI feature where long lines of code don't wrap, allowing attackers to hide malicious code off-screen. This sophisticated technique makes visual detection challenging, highlighting the increasing stealth of supply chain attacks on open-source platforms.
AI Analysis
Technical Summary
The threat actor known as Banana Squad, first identified in 2023, has initiated a new campaign targeting GitHub repositories by creating over 60 trojanized repositories disguised as hacking tools written in Python. These repositories contain hundreds of malicious Python files that employ encoding and encryption techniques to conceal backdoor code. The campaign leverages GitHub's user interface behavior where long lines of code do not wrap, allowing attackers to hide malicious payloads off-screen and evade visual detection by reviewers. The malicious repositories primarily communicate with command and control (C2) infrastructure hosted on domains such as dieserbenni[.]ru and the recently observed 1312services[.]ru. This approach exemplifies a sophisticated supply chain attack on open-source platforms, exploiting trust in publicly available code and the collaborative nature of GitHub. The use of encoding and encryption complicates static analysis and detection by automated tools. The campaign's tactics align with multiple MITRE ATT&CK techniques including T1132.001 (Data Encoding), T1204.002 (User Execution: Malicious File), T1553.002 (Subvert Trust Controls), T1140 (Deobfuscate/Decode Files or Information), T1608.001 (Stage Capabilities), T1027 variants (Obfuscated Files or Information), T1588.001 (Obtain Capabilities), T1078 (Valid Accounts), T1102.002 (Web Service), and T1059.006 (Command and Scripting Interpreter: Python). Although no known exploits in the wild have been reported yet, the campaign's stealth and supply chain nature pose significant risks to organizations relying on open-source Python tools from GitHub.
Potential Impact
For European organizations, this threat poses a substantial risk due to the widespread use of open-source Python tools in software development, research, and operational environments. Compromise through trojanized repositories can lead to unauthorized backdoor access, data exfiltration, and potential lateral movement within corporate networks. The stealth techniques employed reduce the likelihood of early detection, increasing the window of opportunity for attackers to establish persistence and escalate privileges. Organizations that integrate third-party open-source code without rigorous validation are particularly vulnerable. The campaign could disrupt software supply chains, undermine trust in open-source ecosystems, and lead to intellectual property theft or sabotage. Given Europe's strong emphasis on data privacy and regulatory compliance (e.g., GDPR), breaches resulting from this threat could also lead to significant legal and financial repercussions. Furthermore, sectors with high reliance on software development and cybersecurity, such as finance, telecommunications, and critical infrastructure, may face elevated risks.
Mitigation Recommendations
European organizations should implement a multi-layered defense strategy focused on securing their software supply chain. Specific recommendations include: 1) Enforce strict code review policies that include manual inspection for suspicious long lines of code and obfuscated segments, leveraging tools that can detect off-screen hidden code patterns in GitHub UI. 2) Employ automated static and dynamic analysis tools capable of decoding and deobfuscating encoded Python scripts to identify backdoors and malicious payloads. 3) Maintain an allowlist of trusted repositories and contributors, and restrict the use of unvetted third-party code in production environments. 4) Integrate Software Composition Analysis (SCA) tools to continuously monitor dependencies and detect trojanized or malicious packages. 5) Monitor network traffic for unusual connections to known malicious domains such as dieserbenni[.]ru and 1312services[.]ru, and block these at the perimeter. 6) Educate developers and security teams on the risks of supply chain attacks and the specific stealth techniques used in this campaign. 7) Establish incident response plans tailored to supply chain compromise scenarios, including rapid revocation of compromised credentials and repository access. 8) Collaborate with GitHub and other open-source communities to report and remediate malicious repositories promptly.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Indicators of Compromise
- hash: 11a7688a08d9d389632391d013d6f24e
- hash: 3c7255e4e0429c15ef0dea4155e5bb7d965b2e07
- hash: 000fe2a6c7d9bcec61e52dc751dd867c622ed9ef2fc434210707628f04bed041
- hash: 0051e9ef07a06771cedc1599d0d1e6b904ea93984a9fd3ea9e8996abfe36e9cb
- hash: 00e28ac8c58a7ac50bc116c1811f6ca8aa9cae7656bb7c22a6f80ce734daa3f7
- hash: 027191e6cdd24ae8a5c0fa0d6b07aee7de4c0b030b21cf87b2f2096aa058148e
- hash: 058392b82ffc1a857e461df3f411149848b41af358a2c6dea250bf196b641bfc
- hash: 076e7d15d82ccc588cd5efff50fc31b69ef6246b7612ac65c79fc1c0118f95a3
- hash: 0776f861f4cf9aea359d937c377d99829d479ae0cc89eda340b7d89869145934
- hash: 090aa58379fe014b49b96ac8178c2c7f3e7d10edd11e1a3002a1549c506d62f2
- hash: 0b9c64996c74c5dcb5ae78ace2c1b244a1bf3345c619125fcb22b35adee08481
- hash: 0d6b6531e9826bb25affc3dcf2f2f3b00c214748b37c79eef012b570533b09da
- hash: 0f378c9ed80673785cf4bb34012ed6e14d522fd0b3742492c573255d21e0d93e
- hash: 1105948bb8db90023e80641e5720fd8117a52e2cedf08e1a16bdd16efe0db13e
- hash: 13237cd6e490801015ba0fda3251fe6c5c6900ca827ec691f6ad77518c37ebd7
- hash: 13e6c4948c92d90733fdb86e2c741a6a0878b06582acf2c72cac2f1493e84796
- hash: 14ff32f1763c1035a1641a36a100b2c089c2b57cfa0e98e59da445bb824175cd
- hash: 15a8108458f0d3a6c9bd86fd13d17e49133b98fecc4619f79cea2ed629be3b94
- hash: 15ad414a060d1e740c1dc4558936af0bcd0ca07b1e84a7ad99cc3b7ca5ec4cbb
- hash: 15c3c1959f5ca2cc097c884fd9133dbd1239395e6b065154b9118e3bd1d9b5ce
- hash: 15c6a38110ef1da0ba9600e7a5aae221bbad7230f3d0b82218f033fc2103fb86
- hash: 15e67a4e034ca0033ac69ba6db608a3049c635679142f337f5535da09b6135f2
- hash: 16c872ce461707e3a774d4d9f90d63d2900484f9211d2d323a5415bcba431230
- hash: 1a060f020a0acfbf42a27f74393028dec5d4319ab8deb4c6105d6840870181b7
- hash: 1b1cdf83eabae9376c866fe7ab051e8f0c136f1e8dc3b6baed9e512bc60fe7ec
- hash: 1b397b7c6783739947837d79cdd1f9e4d0297431d21f77041d6eb6f12dea33b9
- hash: 1c37a1c32674faa327e7f932289a21e5471460a503e48ab1fac9fbe0ec90e28a
- hash: 1d4f584724958c2e2d04cdf678075cab50a04b1bae0e1f951bd0205e0350a181
- hash: 1dc6a2ebbb1f2346a9a2da7f0a3f3b871c5fa3937b25b3c332db340eae219a7b
- hash: 1f092e9d691c0743b28e846fb247ff8a1ea9b4d6d2e508d227a69107eb96776a
- hash: 1f9550d25430a46dc71501687507af4d813c445e5f2133a2093dce780eb43416
- hash: 2011f4fc58c8d6c32371b7c706a08fe8a858620d1e2a3fd092bb0bb166bfafe1
- hash: 204abd1ea0ff7c079a17a9172fa1f772b3f177e72c43ab23b01a86272ebe984d
- hash: 2201c7b74d1892ec22e433c5460d783e0a794418932a2d5be7667d1103f204a1
- hash: 2568dcefce76520f78792bf2055b8aea8a97a7c6631df37552662b6c9848afc5
- hash: 2575a051143d8a82a7b96b7b46858d786d4f5ea84e100eb3be62201c992c28bf
- hash: 26ed0ab1341b9ae7abdc66dd6f429bd4c5ad06a7b99c90b584dda873d0d591b3
- hash: 27610b73244798454ac56562a34a1ed7b33288ca2f41cb4c88137e93ef16b576
- hash: 277b08cf2c0002dde67e4655c5a3e41315cc1efbfeb84786a0255df733f93da6
- hash: 27a631c5f28eaae7cf01b05833cb8627f37a149e9f3797c43f1d261901f69599
- hash: 288f29ec854aa6b09f463498d9292f3e5d2926318cf05a4ca76a24381e5d6283
- hash: 292087dc389a6b439d26a10ba1d1982c5ad745a5193b64fb85fa9a259f634f6f
- hash: 2955bf6cd3aef2e4dcacbaa1dfc7bd0b62c21b0b9710a1a4bcaaaf83fc0b6c70
- hash: 298af6faf050db38463e43710d26c57a1ab02f0db48106eacc9c8e9ab704ebd8
- hash: 2d35edcc5d553671ce24c95ecf4f3370af70687d779533ea79a620f2ad4fba34
- hash: 2e348dae0d33154eb9a982eaa5e733324c3791d4733d5b32b8d20352f4f3798a
- hash: 2ec498b8e1bf0a5abbe8bd57cbb7571fe755060b5ac5a2d11f56c2c79115f818
- hash: 30d7020b1dc5e41667d6b0e8504461ec67a4b1dd0e59fd73d4801edee1da4633
- hash: 31659b20bd5512ac19ab529c59eab5e055d93aa8891fdb814843c4ec9c7d2986
- hash: 3214169c1dd9577f7e870ae3eee92ee96c9446e9554a6092b877f1022e399da7
- hash: 328f87e4ff28f0179ab159c85a56987d65cf5d957d9b0544d616148adbcde3da
- hash: 34a4d4923c6997c4dc4f69b676b0e1f8e8b955a17defe43cf52d4e5fb1f03393
- hash: 37b1f28d60f6bb30920e0d5a3bfed9ad35cdf0360ce17a64c70f0ddfe1595cde
- hash: 392e2eee37396d9059c5e5756860d2213a3606b185cb0e3f2680b7f26035bf8b
- hash: 39abf291ffdeb98a35412f74b202da0db8ecb24bcc995c49d7386ee39b073a6e
- hash: 39b8644762ee6b60d686102efd8a31335b358fed816301894808ebe83a28245c
- hash: 3a1c6d13c44a25ff9b1302e2fb003ad2df9d77dc4fec60ccdb187bb8fabfef16
- hash: 3afaed45390c9ecf247586a701e19e7da7764cd15699b127a60885a78bea9a98
- hash: 3bf5d484396fdac3ad6462e9c40cca346187813e92cc456b18271c98097f0899
- hash: 3ca17964c580a5d8a6729ffa4285e39bb7141aa4e950c5595695b1d4d98343b8
- hash: 40698bfd7774640419083543bd39b5d08e97abc6e0e39c69f951b473f6beee0f
- hash: 40877d8cc62f0d000f1687629a6d60ad5ce0fface1c4418dd6033f4e43c18093
- hash: 40a17984bc35f9ceea62787f5a9f40050b69cbf0fac11f662fcc8020679bdc8e
- hash: 40b4c224a0acfcb40232f200ce8c8e011ed6e33da260afc25a4db3e964998aa6
- hash: 40c67f10599697fe2133df5b29bfb135c77c29136089d34fef57fa32cf7743de
- hash: 412d52189c9dc6ca584b591bd7b239e8f724a3e559ab0410bafa21e70e30a889
- hash: 414db3d3637b9346a39ed8104d24c1d201d4f36b5f81017cce51b2de29e5e84f
- hash: 4175e56cb4a7e2c4da780cb85667f9444428f72bc4700e988486ab3c505c08a7
- hash: 41d26632a69d7ba7b5b6b9b5ea53af7e194ce53d1146e30a706f356d49c0c069
- hash: 42ac9b15c8c6b245cde35f012ca9c887ad1f9dfe531ec5e1867725f44728721b
- hash: 44db08256991d763c2851301036eb0e4757ab1b81c02b0e26ba040d6dfe05907
- hash: 45e2862b9c7fe5ba17641b9c8690950a921fe7f3f08d8bb496e260e62c8e1f99
- hash: 460bf1412a3809e0dbc1b48926361cbf6efb5e73286f2b716de1707752db7b8f
- hash: 485ff44a45d84490c7b1bc9e71b176ba314b9fff515dd76aeba0b2b09583e9a5
- hash: 49b556c5425239d0d2e9d0e3c0ab0deeed5348a02f808b54d08461c824a83b37
- hash: 49c59d5497a68550a58f326932f4a1302a6e5b71220ac249a37f10191e2d319b
- hash: 49d3e213f0a509af9c251f7dc7717333e492e31df868dcf2523a5e4fa2b2fd6e
- hash: 4a0e7c48eb7541e70111b932ba5d71420d3c5ee7c5cdbeffce78058025730573
- hash: 4a1089e50691a19f12b701eda7e9eef71bb5ebce632a275512105fd27b790bea
- hash: 4abfeb569bbe7419e0593d9a38b1c2310156718381e676ac0e2bedf8fd3ef4c1
- hash: 4af4643f1ed29d8383007b67b764f9762579c2b574077b06dc6ce8dee1c681e0
- hash: 4b12ad9764f186332017598f7c24e71916bc829723338e1c9207d2c73170bcdc
- hash: 4b224bf7e30b7dc236905f287f1e3b7429da52655b50c26a6e7502d72c75f808
- hash: 4bdbecdd22917c4bff624347403a33547a787e3b60535f88c97e63296ab78ad4
- hash: 4e822aa2c33d218ee6a740b8aa42f7e202922abaca34ec789e9006f8be7199f1
- hash: 51d66a2c534e8238c64cf2df622cbc6030ac97f6ae24323a664787724c1a7505
- hash: 5273a5bfc3a8e04b036d9844832f073c29b614040b98c863f249f3c4fdff5cbe
- hash: 537893b214cb4b377cb0f8e936560baec6d96eaa2552b60bf6df9b4dd1cf6d45
- hash: 53817fea6baf657b3fb8f96ed23de6742709d785cbcd8f20fcbb1e8d724ae77d
- hash: 5399e99a9969a420fc7946ec00eec5daf3a4f3a78e3a46304179d7d1989784e1
- hash: 54982b11957d94c819ab93d6bbb50145450f57c67e384016ec62a8c7e1ba1532
- hash: 553f222d4419b6d10fbc61526ffa0e604ee381b17e5c5dc55fcc2d6f69a90a34
- hash: 575591f2aca1326c15c4a907e4261713795ead1d87fbaa92d3fa997b32e5845b
- hash: 576d094de394cff90060cbd6e7d6e656173d8ca6c2af53ded915faa541e7cd5f
- hash: 578d77adf1d4aab9959f500c8fac78c7d2c7cd791d8a972389bf647611a9cf82
- hash: 592724f1e7582b81360b5851b2433dabd3000575a26d6cb3ee74cbcedc972694
- hash: 59baeea023628f2a2641e6f3a2bf368e5626944482c0a139bb809d0cda3e33e5
- hash: 5aa29dfdd25870150c8b97a2bd95c2c6289e23b0ec50b22d613e5ac13cf4a0b1
- hash: 5aef27475754bcb12c7a47bf6c4eab519ba0782de623e90cd5ac1b3e44f60309
- hash: 5d2c393f7b21ef318319b28d3f6f876d2ec0acb6fcdfa72aef3948f702d2f7f6
- hash: 5e9051f791455d1917a4896f893407840c3272f2d9d23745aff25e1cf3df00b0
- hash: 61a04ebe05b0615a79ae435a340ece1cd20655a14c34c307ab8fb638ef66a11d
- hash: 61ffeb53b7b6ee7684e703915ec616c2980d92bea7c7bc9e0da1e04ef8b3f6c7
- hash: 6202e1d0b9d4f9cc467612c3a41dc304592ce20a46469419a69bdf26295e7a63
- hash: 62c9d8fe7d320b424998361599ccfd48a1cf8696fefeb6250ff10cde88da177f
- hash: 62d02474cc769d3cab2aa12a093a07776972223b914f999e3051ff34d00b3ada
- hash: 62e985c1800955332d2f81a05b731c5eb5082ffa80d99e32a622baaff3386866
- hash: 640be033604953aa01064846b3cabb7f9831d23794401f66436748548c89aaea
- hash: 6419a9f1d5d142246ad1527fc5848f8bf57982165833cdde0606489a8a793362
- hash: 64a6230835b9d42be6879cb6e7d9fcbcec31491b96bc596aea9f0d70b164d315
- hash: 658890ddc4ed28a6ac8e416a9ad5550354f49e1395271ec56096c46af1762a6f
- hash: 66be7f342ad97b66e46d3671f8cfc8e75ee22776ee3435e4939a284d8e1765af
- hash: 67207acc8d5369336287724e92f312f09482c72e3ca615404781f9d62df16a41
- hash: 679eff9afd6e7216ad398c64e44719355bff3c9eaa902c6533d19603ac6830a2
- hash: 697308bf72f54168fca249cf24949da3a23e5d9b1c2a089923091c556f75c809
- hash: 69ce8069af624404008d9e8840fd99f572c4877b4394fc4f519e45806fe91a63
- hash: 6b23f3bf6ab8545b13f72ebe526f6b9eebf880ce53cc22d7fe39206e53edd081
- hash: 6b5db31be7db9bf022a6894a560ad9e79a383eb79a3f63aa25483a6a715c856a
- hash: 6b6c60ba3bff4b608c51464009464226c097a203c84216788e612a352b8b1cdc
- hash: 6cb00b5b8848c3c29dba432d3058ff5c36b3b679e38fd591f06bacfb608d384a
- hash: 6d7f1e57cf613a9549b137102445ab25399606976498bb79f61b8d18e8a89c74
- hash: 6db63a1217115a72f1b23de5004de88c5920fec5877033b176dbdd3018c59754
- hash: 6e4a1bcb789c0e578b3ed560d3329476cead062844cf2e8b4a064215f56ea720
- hash: 6eeec26ae16f365896e611a95358aaeb7bfa061d272a372fcbee5b60d523d44f
- hash: 6f50d1abdcca48186f5532e6673e8fa1877437bc8eeae08b2fd9d1abb12b9c54
- hash: 70d2269a968d9b9ce2ef1083b8b51680d1358df7de6ca1a217ab245e2c8acd6b
- hash: 7253d28215385400e7007a06b72c2a6fbe46574c7ea56de63a74133eb60ec617
- hash: 73d6ccf483f7a5d31705555541c205097c42856c611bb4648686ccfeeeaafcc3
- hash: 73efe5220e533e48a090b6f822e5887e7912c67e05f77fad3eb8eba3c4b5cec1
- hash: 7410d9c0d77d0bcdbfe5130d95bc35a832ccb793d1cd3a6a632c7b18280a386b
- hash: 7437d570332d30bea94d9422177566b3d5b82d4f556e56636863c722c72b4b8b
- hash: 7489e1edfdfe837efc7f23dca23b75624bab1ba34b87873feb5c98e78dd9952c
- hash: 74c6089ec0c2c53a5bff9363371d09022fe057b5a8928896fdcc95049c9e56f4
- hash: 75188a71a976730c0b3001422423f81fc9839819eab5fec8927c441dd509581d
- hash: 753f7e8ac73426581c05a7ef79b5110ff4156741b47ed12405b80511d267b714
- hash: 7629c7e26bb3a33ebc3d0dbf26dd528e8a697413915d2722eb828309f04f60be
- hash: 7666496d011d1f5e535bad91a3bc1cbd767f0ccf1d2390a2a9fca52b40c84bb0
- hash: 76b7c41800672f646a3f79f7389bafc2752fc3f194bda63a77e6345ac4659612
- hash: 76da61f2737738689331b2fcc600b948d92317a985e3187d27d4e603674bdf64
- hash: 77205dd9643fc4b5ff4a2b535dce9ab373253a40e3bdd71e25e919d4d0705428
- hash: 7726f7c0260132bdefdb43c4b67cdcc6c1d773f312b6e5a38fb2da3076b33dcc
- hash: 786b6d84bcdc34fc46c90f221b9d185e394660e6f29a633a2a3da8db731a2f24
- hash: 79002775e72f3fc405b972671c7d8c3b8bf1944d3281a646a3e4e8baeef958ee
- hash: 79ad2921194c8a860ebb36f9ae2868d1ba28a80cc99415251e0fb92838a537c7
- hash: 79de00373b412cfa4186a3b155164752fbfea4ee8af1f3ac17667719eca35707
- hash: 79dfde57d55ed3ca0b1f45b91f1093d38dfeade35f3ffa25baf3e8fa648f52ca
- hash: 7b40e382d014381f557981cc4052f9a8f5305bbdd7bac2ee1ef890383da162fb
- hash: 7bd8050dab0f9f23593ccbc3a758d77eda7e8776caf4466b48c7a79a1535facb
- hash: 7ce0eaf5db4d5dcdc261e459cc679a628b847b73f94ac2fc6cd2f79eb2da347b
- hash: 7d22402044b7ddf94ae9e8d7a91174ddfd8c161358cddd7e0b7dab412df1cf72
- hash: 8192cdd6249d9a8ce4270985c97845e0fe5034650f3bcef99be71586a5309711
- hash: 8222733d044fdc7ffe9caffc8fa58df1955de843b4e4e39818fb2877575082c5
- hash: 82af1f2e8466b568ac431b3157ea432c5a73ec8d70c0d145f074527cb4abfd49
- hash: 83296b28eb5ac220c69d36a070467cb5edc740e5f0e8543269f29f4fa45d7ed6
- hash: 85c35dd82a067eb237a2c9e5e02fc8003b93983c961455d9f56adc0395294135
- hash: 85c3c8cc416b561600580e8d11b87a797a9f8d33cb2cc7feab8247dbe79ad2ac
- hash: 87e31f2329269ac4299fbe6fffb6fb5959be1ce26e6fe675679cef0d3e2cea71
- hash: 89304b6060ffe6c9c68ca40e8d5bcca36314053a118a74d2e8c8013da946c279
- hash: 89fd8c8fa8a426c7823c7fe1154a378f8802a06035f434196a46f64122b3a18c
- hash: 8ac4551ade7c9be8b272c31062cc06c5b0f767667b680bf81c714d5d42911756
- hash: 8bc6e1a6513f251fce92add10f222ba5bf9c6b8bc9373ec1cc19c45051c66335
- hash: 8c70356eed9df897263a58526146756a7a55a8d2cc06dd0896838a066d920fc9
- hash: 8d196ddb6b4927a002d3c10260f8968e2c5e7bcc4b3368a6392f38512fc0bb33
- hash: 8f3de3b44f166e5ed78ba0a78960af9c2953dd97af0c71a5f21599bca39753e0
- hash: 902f5662944fd86e30a691fdbcfb18a0e8579649f5ed57b6201981fa027cbf79
- hash: 91e52f1430ef150538228210f53e61d1b583008177ddb019602e6e4f4c6a0255
- hash: 929f42356f717fa25b814af198f20e47bb0e0e992a19059ca6201a8d1cdf9554
- hash: 9323ac7d4636441bd6f79ed9540009e9dfde6b15a8576847d9c24b89ef4ff85e
- hash: 9378fc5ef232754b23541254c5b2d1429c9821fa9df3622f2cbede4b40cb851b
- hash: 941d3c2b72d87e090d84d47c22a141c799a101ef0ac31a91e66b44185132bf69
- hash: 945cd9cac37159d3a80aa909bc8c93563328de044248d4a0e6ae390f7f81fc6c
- hash: 95390187a277c2f4f71e72f060e3669a828cd3eacc3f4763928cf5c58054e0ad
- hash: 95ca5425f0795ac1f3b6b430c0f9bf1a50ef478d6d6785445745217d2d4fc393
- hash: 973182e088867a18792d19e3d6dd3e3fb40a9cbed8009bf68a63d41cebe9828e
- hash: 99ffacd06f6b4b765e3f47e50a69d3f068b172345b35fe3e68a1bad898e62385
- hash: 9a27da20a8ab9fd873ef52671358f84d231d795f0b601b7459a8b42a66d45759
- hash: 9a5d029e72b639dd0f456fb8f7557ff297f0dc4d1efb4d2b485de46c23968b6b
- hash: 9b69b8090bfcc47051547c4aff61c47c8263679f5c2908a5a159665f8a465d15
- hash: 9b840413614cf3ee4a24bfe83671e0bfd6cff10bea97951fade74c8044e4972d
- hash: 9d17a532056220054433850c92b21a163de0ca6592701142fbb0546465f8e267
- hash: 9dcc48e9885fbae67db0ccbb38b2d69992ab037adfc5d29c4f71f77a3fdadcd9
- hash: 9e34808a9841949bfcabd93d76e0a72a0f321126df1f48e067e5145d7e9e3616
- hash: a3b840cd59234ca370014455a8890677982cb8d8cd19a4457775db49206b400a
- hash: a3beb775a42a4f2411101589a145f2214da30585977f786c099a6ceafe688f67
- hash: a3d8c295bb63ace25f1953a87a2e2472041222f6081348f2feb9a8b62fa1ce07
- hash: a4312577897f38c5330df315e4b24192c4309040cb4266a0d166dea2d7b0334a
- hash: a4bffc80371863a17d41210a009448797ddb79c052abe5bff5d9b7c53aac3e15
- hash: a622d9ff0c2df4e84fe5c40e764bd4fdacc1eaae787c09037a8c3fd1d862a884
- hash: a9e80d4112d10199949a57eec9aaf44e24be69cd7eab6ba516aff8be32d6ce49
- hash: aa1e8d44297a00fa5c1a3037b6ffc2eb622a0361128bfb39fc133604631712b6
- hash: aa8f97e39870a52413a67b359c464dff836f079139014265d43cd3eba66a2ee9
- hash: ab4a8ce83f7936a7a3350980a2aa2da9778e27c66e51956bb700f5f1fae18cb3
- hash: ab670f92a7cfed1f2830eaa8df073b57dcc212e47d068d914a06ab3c630d5baf
- hash: ac476322fceda06aee00a239e13308d1447b2b37ce76638951ffe1886ff26c09
- hash: ac584f4bf9d332c8f2a29062a18435776a3607c039f5a190e341c4b739842616
- hash: ac8dea96712251093c24b114403ebed3fe8759951d2a08f537d73c711facf6ab
- hash: aca9c0a1de95f4f7880e39b74fcd22a9931fe18663c1aca462460e2eaafb670c
- hash: ad9d82221d420824037a47664831364344c59e284d3ba797989b806078b3bb73
- hash: b2021b92db1c276f998e6c0c8c013e74f6367e8e43c3e9446a78e3de5fa61e92
- hash: b20e9af3c4b11446afbe8d3de36604e74563541d0480a0a2e0f8c694eb7e3b6a
- hash: b295724bd106811d13f0f51035e1ac1dcf1a253453caf50ddd4167b14b663081
- hash: b44c4a59061ad57d5a0445e20d0cc29d09420c9967ddc2917447a4b628a9ca60
- hash: b4c854ca0a600214474d5f766fbdb80a3af24fb3a413e363420975404b7dc726
- hash: b5b1ada7b8c4ac1b85833e7457b41976b57d3ab4f376c8206a3fe0daa5663fdf
- hash: b60ab07de49f01e03d04e233b9d296c532f869ef5c55c455201d186d2bd8f2dd
- hash: b720af85cb166b7d554b2ad24a6f32c45da4cfc5a4c524030eca76a1f790ff26
- hash: b8160fddfbadbd11f8205d65be49687eb6e6a7fa74e09f5fc7be25e3b3fea79e
- hash: b921a098a2ebee48cf1cfb73ecb356e79cd3ec48e2cc46a7e669f17491e931c9
- hash: ba35cd7a6b5ad342a65fa74b7e2e8c020c77b91b906a93a15bf02a5820f6a334
- hash: bdda7c7040f9790274f549e5b29ee3bf2120ec473bd1e74276b7d22efff06ee5
- hash: bde88b7cddbb10ac3bfe03500ae65b2a40fc28a8271744bf2bec695794ea35ab
- hash: be63d2d2afc08627c2d24cf23183974fc0e842df56d3d63fcd0ac58feebe46d6
- hash: bf157f7f230ade23f395d15e96c447a9f92c23705511e3a70dfd9ce5d67c9bce
- hash: bfcfc4dd196a0d1135bfb33fabee1eb45546287dbb1380b6cb73370194206d1e
- hash: c01f26fc6e31bc5b03783975f34a11a502a02339e340a4a334c39f7416c74fae
- hash: c09b33dcd75c85a518ef8628f17a223bf60c9d482ab43531803822675a083711
- hash: c136d7beddeaff3056107cd212debeaf410f92e56cbc82b55c3c36947a942e9f
- hash: c145fa884087cce8618d365c33ebaedc289b87627c0db60aa345442ba1d68f44
- hash: c3de8817e345bf165eb4ef895b53b1fb81332454e6e67336adf4dab74581f056
- hash: c3fa491b373b82de8547f1813ef5f06a57f120e42ef3e304194321eb0612e3a0
- hash: c4eacc1f979512a7a952d00962fabc90ed91b70d63c16370164478b46d19752d
- hash: c7aa72d3e835b5fabef5130ee316eb8708bbdccfd3b7d44eba5871c0d5c56a95
- hash: c91f9ef587e4cce1cf97dbc8a62f7e734f0eb3611b8d474a6531a5aa11de3cb0
- hash: c9295e5a87e0bff96136871c922946645907c359826a88eb65236a5b5ac99569
- hash: cc96ca573ade4125a1eae3e09df7533aa5057c06348a9c2ef3b49a0678a2c7c0
- hash: ccbd7e7768661f916783ba1ca38a073b34bcfdc16e2c4baac8e7fdcd7bf527e1
- hash: ccdaf74c2eb1508d09f23b86f79546ae6ab8ffb03a7b47fe9d6a546d4e25fc9f
- hash: cd3e78bdacb91a8f6af1b8158886c0f17c694f032a83f16300cf9bd97b842296
- hash: ce6d5b11e3dc186154059bbbe1d7ba525c2b35bcdba1f153cad45994cb2d9b98
- hash: cea9b158ed5aa388ab7da667f343f7345b2453c6ea7269a71b6569a10b6e7df8
- hash: d0c31c3e8200a47a874c9215ee93bfed61299fb58d830f986e9dd71fcc3cdf3b
- hash: d45fbf98509c60b65d339796f9cb9bdcbb7858346bdd38b6313095b6bfe5a474
- hash: d5cc3caaf32b7c9dffa90c00030c1e3a3a66fe9cfcdea78f6b16b3fa70f50ffe
- hash: d6246aedf5c17acbab371c3d15832cd14fee10e13f265912113d5b4e4362a911
- hash: d6ccbedaee92fe82e96007c9170830df32d5673390ce50d54c98e69b5d28857d
- hash: d6f0227a7c4dc8493b5f6c417ebac7a30f0bf92f7e2088f77e70c313de41ef15
- hash: d70b089c33f1c8b45c0dcd062e62d77bc2b297b1da22dd3521eaa9ebdab9a3bf
- hash: d9dc488b938deb0f8af528fcecc5696f1486e8d807c3e2ec21665203226f9d7e
- hash: da74128cd51562bc0a72251d4d6f905b634b851dc8ea461a6ad99354a12daf69
- hash: dca323570a30629f330eb1a16457d6c695b15022556e9f61de2a50f3bd931a4c
- hash: dd6d54ef42c63214021861ddae545764e499a295b736999f9d8a947a3e0173b0
- hash: df4aea58af28d57f917a0abdd8fe6b2a7f7be813e5b823514c59df1acbec2c77
- hash: df6c70ac65628a9d448abcf596b1af3a775771d3ba121a424400a24f433f56bf
- hash: e00a5642240e0cdb42127cfc2284d21c51099b40b58d09e14fed9fafa51423c4
- hash: e24ec87a2ca75e23a585c0695eddc1c825481093bbc3cbe54409ead37e527f6f
- hash: e26b1dee15ab0e8d70594d049140879a96979960f9b5d97f9a468a39b6f1265c
- hash: e3470d1d70642f8790523b623826d98bb357483cee019ac550abb348ee832159
- hash: e37e0edd405a348899281092cd4b969fd67ea7b7425a9eabbbedb42f7dae5046
- hash: e41c7eae55b42be4697853e6c67031a7bfbf5c0f35bd120e7f28fb4eb345b251
- hash: e6afbe6fef2365d89a4dbb0e9552b41f795b4752e5032f5bdc92e781dbb25cd7
- hash: e6eb6c347449657e1c4dc8ce1029c1543aaa323ba18f51123c05f1fc4ddbf792
- hash: e84346e77a69588a1c7258e007f6e719176426bd7c0d0a46784f7fb8db665026
- hash: e9dff07fc4a368078f9d2f631d6d73a836db0e2784082fcb7dc5b61fdca1b0e6
- hash: ea9b5b5bcb249fa4c2f9b58381414b2df886a25413597902deb8e90903178ec4
- hash: eb6c431ecf7e04d8c166b93e0dae1426001def08859ab0cf544eba072ed8a579
- hash: edc45d37c67a26ee1a6e3e020e7df3ce0200e85f861c9eb2bf881c21a61cd8f3
- hash: ef14f781fe133f0622c1a83ba9e10cded62a8a1ec10f44f5340ee28d5e2934f3
- hash: ef500c31ac0dbfd87107f4a3b0815cf0e646af6c85860461264eb8de06fbba29
- hash: efbc993f028c4501596462969f22995e3c6ba19278d5cd226bade5d831cfe354
- hash: f1a000807fabe0ec21adbc3729e40f6a8c1a2e999237392da854fba559cb0ece
- hash: f20dce1849c2cc2c9ca79808831b8b1d660dc4a295ef5272b8cda3ee75547e39
- hash: f2efa0cc09aca10e8189fe4afb477d428f53eef2bd053de1bfb2c84f4231d930
- hash: f2fb617e2288cf5bc34a35d4ac518c0506d1d0b3c23c91180a269922ee99ea33
- hash: f3e402d6ab871ca9aafe77d5521103581f3e471f1106646023692f7a7e615bde
- hash: f470da2e04c1b7f51d7981d69e05e3ed80b743523329af5aeb887a15ec34b6db
- hash: f5e1bc6ef70eb4b4b8c93a2d8e77d584c35f7a04a511c7390feda87f13054c52
- hash: f68228ac4d325bcca13f8821bcd9fb207c36697bf9a097a80de063e08f4ff940
- hash: f7e40b7bb8db7a5ee5e50ea056c61bc9e4edb987986059a94f90e1f2cea0e4b5
- hash: f832173317e88a6ae9a12a54b97761fe733c5431e7b10315a029716f8e26aba2
- hash: f859144e977d02ce38eb00d579f3bc8e824af15d0a379bd6e305c09ab3a7fac4
- hash: f92a52c5165a77828a7eeab01c2dedd86fd154ebfbeff314c76237e529024c6e
- hash: f9ef3b5d4ca512b5afb2d7a98222166543a8b06aeef4d50492a560b4575eb37c
- hash: fb19d39ef1f8cea3dbd3812bc5e2a127128afd5c40d5e605b5656f56efe5a099
- domain: 1312services.ru
- domain: 1312stealer.ru
- domain: bananasquad.ru
- domain: dieserbenni.ru
Threat actor Banana Squad exploits GitHub repos in new campaign
Description
Banana Squad, a threat actor first identified in 2023, has launched a new campaign targeting GitHub repositories. The group has created over 60 trojanized repositories masquerading as hacking tools written in Python. These malicious repositories contain hundreds of trojanized Python files that utilize encoding and encryption techniques to hide backdoor code. The campaign primarily uses the domain dieserbenni[.]ru, with a new domain 1312services[.]ru detected recently. The trojanized repositories exploit GitHub's UI feature where long lines of code don't wrap, allowing attackers to hide malicious code off-screen. This sophisticated technique makes visual detection challenging, highlighting the increasing stealth of supply chain attacks on open-source platforms.
AI-Powered Analysis
Technical Analysis
The threat actor known as Banana Squad, first identified in 2023, has initiated a new campaign targeting GitHub repositories by creating over 60 trojanized repositories disguised as hacking tools written in Python. These repositories contain hundreds of malicious Python files that employ encoding and encryption techniques to conceal backdoor code. The campaign leverages GitHub's user interface behavior where long lines of code do not wrap, allowing attackers to hide malicious payloads off-screen and evade visual detection by reviewers. The malicious repositories primarily communicate with command and control (C2) infrastructure hosted on domains such as dieserbenni[.]ru and the recently observed 1312services[.]ru. This approach exemplifies a sophisticated supply chain attack on open-source platforms, exploiting trust in publicly available code and the collaborative nature of GitHub. The use of encoding and encryption complicates static analysis and detection by automated tools. The campaign's tactics align with multiple MITRE ATT&CK techniques including T1132.001 (Data Encoding), T1204.002 (User Execution: Malicious File), T1553.002 (Subvert Trust Controls), T1140 (Deobfuscate/Decode Files or Information), T1608.001 (Stage Capabilities), T1027 variants (Obfuscated Files or Information), T1588.001 (Obtain Capabilities), T1078 (Valid Accounts), T1102.002 (Web Service), and T1059.006 (Command and Scripting Interpreter: Python). Although no known exploits in the wild have been reported yet, the campaign's stealth and supply chain nature pose significant risks to organizations relying on open-source Python tools from GitHub.
Potential Impact
For European organizations, this threat poses a substantial risk due to the widespread use of open-source Python tools in software development, research, and operational environments. Compromise through trojanized repositories can lead to unauthorized backdoor access, data exfiltration, and potential lateral movement within corporate networks. The stealth techniques employed reduce the likelihood of early detection, increasing the window of opportunity for attackers to establish persistence and escalate privileges. Organizations that integrate third-party open-source code without rigorous validation are particularly vulnerable. The campaign could disrupt software supply chains, undermine trust in open-source ecosystems, and lead to intellectual property theft or sabotage. Given Europe's strong emphasis on data privacy and regulatory compliance (e.g., GDPR), breaches resulting from this threat could also lead to significant legal and financial repercussions. Furthermore, sectors with high reliance on software development and cybersecurity, such as finance, telecommunications, and critical infrastructure, may face elevated risks.
Mitigation Recommendations
European organizations should implement a multi-layered defense strategy focused on securing their software supply chain. Specific recommendations include: 1) Enforce strict code review policies that include manual inspection for suspicious long lines of code and obfuscated segments, leveraging tools that can detect off-screen hidden code patterns in GitHub UI. 2) Employ automated static and dynamic analysis tools capable of decoding and deobfuscating encoded Python scripts to identify backdoors and malicious payloads. 3) Maintain an allowlist of trusted repositories and contributors, and restrict the use of unvetted third-party code in production environments. 4) Integrate Software Composition Analysis (SCA) tools to continuously monitor dependencies and detect trojanized or malicious packages. 5) Monitor network traffic for unusual connections to known malicious domains such as dieserbenni[.]ru and 1312services[.]ru, and block these at the perimeter. 6) Educate developers and security teams on the risks of supply chain attacks and the specific stealth techniques used in this campaign. 7) Establish incident response plans tailored to supply chain compromise scenarios, including rapid revocation of compromised credentials and repository access. 8) Collaborate with GitHub and other open-source communities to report and remediate malicious repositories promptly.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://securityboulevard.com/2025/06/threat-actor-banana-squad-exploits-github-repos-in-new-campaign"]
- Adversary
- Banana Squad
- Pulse Id
- 685444dd82d2d53888c6afb4
- Threat Score
- null
Indicators of Compromise
Hash
| Value | Description | Copy |
|---|---|---|
hash11a7688a08d9d389632391d013d6f24e | — | |
hash3c7255e4e0429c15ef0dea4155e5bb7d965b2e07 | — | |
hash000fe2a6c7d9bcec61e52dc751dd867c622ed9ef2fc434210707628f04bed041 | — | |
hash0051e9ef07a06771cedc1599d0d1e6b904ea93984a9fd3ea9e8996abfe36e9cb | — | |
hash00e28ac8c58a7ac50bc116c1811f6ca8aa9cae7656bb7c22a6f80ce734daa3f7 | — | |
hash027191e6cdd24ae8a5c0fa0d6b07aee7de4c0b030b21cf87b2f2096aa058148e | — | |
hash058392b82ffc1a857e461df3f411149848b41af358a2c6dea250bf196b641bfc | — | |
hash076e7d15d82ccc588cd5efff50fc31b69ef6246b7612ac65c79fc1c0118f95a3 | — | |
hash0776f861f4cf9aea359d937c377d99829d479ae0cc89eda340b7d89869145934 | — | |
hash090aa58379fe014b49b96ac8178c2c7f3e7d10edd11e1a3002a1549c506d62f2 | — | |
hash0b9c64996c74c5dcb5ae78ace2c1b244a1bf3345c619125fcb22b35adee08481 | — | |
hash0d6b6531e9826bb25affc3dcf2f2f3b00c214748b37c79eef012b570533b09da | — | |
hash0f378c9ed80673785cf4bb34012ed6e14d522fd0b3742492c573255d21e0d93e | — | |
hash1105948bb8db90023e80641e5720fd8117a52e2cedf08e1a16bdd16efe0db13e | — | |
hash13237cd6e490801015ba0fda3251fe6c5c6900ca827ec691f6ad77518c37ebd7 | — | |
hash13e6c4948c92d90733fdb86e2c741a6a0878b06582acf2c72cac2f1493e84796 | — | |
hash14ff32f1763c1035a1641a36a100b2c089c2b57cfa0e98e59da445bb824175cd | — | |
hash15a8108458f0d3a6c9bd86fd13d17e49133b98fecc4619f79cea2ed629be3b94 | — | |
hash15ad414a060d1e740c1dc4558936af0bcd0ca07b1e84a7ad99cc3b7ca5ec4cbb | — | |
hash15c3c1959f5ca2cc097c884fd9133dbd1239395e6b065154b9118e3bd1d9b5ce | — | |
hash15c6a38110ef1da0ba9600e7a5aae221bbad7230f3d0b82218f033fc2103fb86 | — | |
hash15e67a4e034ca0033ac69ba6db608a3049c635679142f337f5535da09b6135f2 | — | |
hash16c872ce461707e3a774d4d9f90d63d2900484f9211d2d323a5415bcba431230 | — | |
hash1a060f020a0acfbf42a27f74393028dec5d4319ab8deb4c6105d6840870181b7 | — | |
hash1b1cdf83eabae9376c866fe7ab051e8f0c136f1e8dc3b6baed9e512bc60fe7ec | — | |
hash1b397b7c6783739947837d79cdd1f9e4d0297431d21f77041d6eb6f12dea33b9 | — | |
hash1c37a1c32674faa327e7f932289a21e5471460a503e48ab1fac9fbe0ec90e28a | — | |
hash1d4f584724958c2e2d04cdf678075cab50a04b1bae0e1f951bd0205e0350a181 | — | |
hash1dc6a2ebbb1f2346a9a2da7f0a3f3b871c5fa3937b25b3c332db340eae219a7b | — | |
hash1f092e9d691c0743b28e846fb247ff8a1ea9b4d6d2e508d227a69107eb96776a | — | |
hash1f9550d25430a46dc71501687507af4d813c445e5f2133a2093dce780eb43416 | — | |
hash2011f4fc58c8d6c32371b7c706a08fe8a858620d1e2a3fd092bb0bb166bfafe1 | — | |
hash204abd1ea0ff7c079a17a9172fa1f772b3f177e72c43ab23b01a86272ebe984d | — | |
hash2201c7b74d1892ec22e433c5460d783e0a794418932a2d5be7667d1103f204a1 | — | |
hash2568dcefce76520f78792bf2055b8aea8a97a7c6631df37552662b6c9848afc5 | — | |
hash2575a051143d8a82a7b96b7b46858d786d4f5ea84e100eb3be62201c992c28bf | — | |
hash26ed0ab1341b9ae7abdc66dd6f429bd4c5ad06a7b99c90b584dda873d0d591b3 | — | |
hash27610b73244798454ac56562a34a1ed7b33288ca2f41cb4c88137e93ef16b576 | — | |
hash277b08cf2c0002dde67e4655c5a3e41315cc1efbfeb84786a0255df733f93da6 | — | |
hash27a631c5f28eaae7cf01b05833cb8627f37a149e9f3797c43f1d261901f69599 | — | |
hash288f29ec854aa6b09f463498d9292f3e5d2926318cf05a4ca76a24381e5d6283 | — | |
hash292087dc389a6b439d26a10ba1d1982c5ad745a5193b64fb85fa9a259f634f6f | — | |
hash2955bf6cd3aef2e4dcacbaa1dfc7bd0b62c21b0b9710a1a4bcaaaf83fc0b6c70 | — | |
hash298af6faf050db38463e43710d26c57a1ab02f0db48106eacc9c8e9ab704ebd8 | — | |
hash2d35edcc5d553671ce24c95ecf4f3370af70687d779533ea79a620f2ad4fba34 | — | |
hash2e348dae0d33154eb9a982eaa5e733324c3791d4733d5b32b8d20352f4f3798a | — | |
hash2ec498b8e1bf0a5abbe8bd57cbb7571fe755060b5ac5a2d11f56c2c79115f818 | — | |
hash30d7020b1dc5e41667d6b0e8504461ec67a4b1dd0e59fd73d4801edee1da4633 | — | |
hash31659b20bd5512ac19ab529c59eab5e055d93aa8891fdb814843c4ec9c7d2986 | — | |
hash3214169c1dd9577f7e870ae3eee92ee96c9446e9554a6092b877f1022e399da7 | — | |
hash328f87e4ff28f0179ab159c85a56987d65cf5d957d9b0544d616148adbcde3da | — | |
hash34a4d4923c6997c4dc4f69b676b0e1f8e8b955a17defe43cf52d4e5fb1f03393 | — | |
hash37b1f28d60f6bb30920e0d5a3bfed9ad35cdf0360ce17a64c70f0ddfe1595cde | — | |
hash392e2eee37396d9059c5e5756860d2213a3606b185cb0e3f2680b7f26035bf8b | — | |
hash39abf291ffdeb98a35412f74b202da0db8ecb24bcc995c49d7386ee39b073a6e | — | |
hash39b8644762ee6b60d686102efd8a31335b358fed816301894808ebe83a28245c | — | |
hash3a1c6d13c44a25ff9b1302e2fb003ad2df9d77dc4fec60ccdb187bb8fabfef16 | — | |
hash3afaed45390c9ecf247586a701e19e7da7764cd15699b127a60885a78bea9a98 | — | |
hash3bf5d484396fdac3ad6462e9c40cca346187813e92cc456b18271c98097f0899 | — | |
hash3ca17964c580a5d8a6729ffa4285e39bb7141aa4e950c5595695b1d4d98343b8 | — | |
hash40698bfd7774640419083543bd39b5d08e97abc6e0e39c69f951b473f6beee0f | — | |
hash40877d8cc62f0d000f1687629a6d60ad5ce0fface1c4418dd6033f4e43c18093 | — | |
hash40a17984bc35f9ceea62787f5a9f40050b69cbf0fac11f662fcc8020679bdc8e | — | |
hash40b4c224a0acfcb40232f200ce8c8e011ed6e33da260afc25a4db3e964998aa6 | — | |
hash40c67f10599697fe2133df5b29bfb135c77c29136089d34fef57fa32cf7743de | — | |
hash412d52189c9dc6ca584b591bd7b239e8f724a3e559ab0410bafa21e70e30a889 | — | |
hash414db3d3637b9346a39ed8104d24c1d201d4f36b5f81017cce51b2de29e5e84f | — | |
hash4175e56cb4a7e2c4da780cb85667f9444428f72bc4700e988486ab3c505c08a7 | — | |
hash41d26632a69d7ba7b5b6b9b5ea53af7e194ce53d1146e30a706f356d49c0c069 | — | |
hash42ac9b15c8c6b245cde35f012ca9c887ad1f9dfe531ec5e1867725f44728721b | — | |
hash44db08256991d763c2851301036eb0e4757ab1b81c02b0e26ba040d6dfe05907 | — | |
hash45e2862b9c7fe5ba17641b9c8690950a921fe7f3f08d8bb496e260e62c8e1f99 | — | |
hash460bf1412a3809e0dbc1b48926361cbf6efb5e73286f2b716de1707752db7b8f | — | |
hash485ff44a45d84490c7b1bc9e71b176ba314b9fff515dd76aeba0b2b09583e9a5 | — | |
hash49b556c5425239d0d2e9d0e3c0ab0deeed5348a02f808b54d08461c824a83b37 | — | |
hash49c59d5497a68550a58f326932f4a1302a6e5b71220ac249a37f10191e2d319b | — | |
hash49d3e213f0a509af9c251f7dc7717333e492e31df868dcf2523a5e4fa2b2fd6e | — | |
hash4a0e7c48eb7541e70111b932ba5d71420d3c5ee7c5cdbeffce78058025730573 | — | |
hash4a1089e50691a19f12b701eda7e9eef71bb5ebce632a275512105fd27b790bea | — | |
hash4abfeb569bbe7419e0593d9a38b1c2310156718381e676ac0e2bedf8fd3ef4c1 | — | |
hash4af4643f1ed29d8383007b67b764f9762579c2b574077b06dc6ce8dee1c681e0 | — | |
hash4b12ad9764f186332017598f7c24e71916bc829723338e1c9207d2c73170bcdc | — | |
hash4b224bf7e30b7dc236905f287f1e3b7429da52655b50c26a6e7502d72c75f808 | — | |
hash4bdbecdd22917c4bff624347403a33547a787e3b60535f88c97e63296ab78ad4 | — | |
hash4e822aa2c33d218ee6a740b8aa42f7e202922abaca34ec789e9006f8be7199f1 | — | |
hash51d66a2c534e8238c64cf2df622cbc6030ac97f6ae24323a664787724c1a7505 | — | |
hash5273a5bfc3a8e04b036d9844832f073c29b614040b98c863f249f3c4fdff5cbe | — | |
hash537893b214cb4b377cb0f8e936560baec6d96eaa2552b60bf6df9b4dd1cf6d45 | — | |
hash53817fea6baf657b3fb8f96ed23de6742709d785cbcd8f20fcbb1e8d724ae77d | — | |
hash5399e99a9969a420fc7946ec00eec5daf3a4f3a78e3a46304179d7d1989784e1 | — | |
hash54982b11957d94c819ab93d6bbb50145450f57c67e384016ec62a8c7e1ba1532 | — | |
hash553f222d4419b6d10fbc61526ffa0e604ee381b17e5c5dc55fcc2d6f69a90a34 | — | |
hash575591f2aca1326c15c4a907e4261713795ead1d87fbaa92d3fa997b32e5845b | — | |
hash576d094de394cff90060cbd6e7d6e656173d8ca6c2af53ded915faa541e7cd5f | — | |
hash578d77adf1d4aab9959f500c8fac78c7d2c7cd791d8a972389bf647611a9cf82 | — | |
hash592724f1e7582b81360b5851b2433dabd3000575a26d6cb3ee74cbcedc972694 | — | |
hash59baeea023628f2a2641e6f3a2bf368e5626944482c0a139bb809d0cda3e33e5 | — | |
hash5aa29dfdd25870150c8b97a2bd95c2c6289e23b0ec50b22d613e5ac13cf4a0b1 | — | |
hash5aef27475754bcb12c7a47bf6c4eab519ba0782de623e90cd5ac1b3e44f60309 | — | |
hash5d2c393f7b21ef318319b28d3f6f876d2ec0acb6fcdfa72aef3948f702d2f7f6 | — | |
hash5e9051f791455d1917a4896f893407840c3272f2d9d23745aff25e1cf3df00b0 | — | |
hash61a04ebe05b0615a79ae435a340ece1cd20655a14c34c307ab8fb638ef66a11d | — | |
hash61ffeb53b7b6ee7684e703915ec616c2980d92bea7c7bc9e0da1e04ef8b3f6c7 | — | |
hash6202e1d0b9d4f9cc467612c3a41dc304592ce20a46469419a69bdf26295e7a63 | — | |
hash62c9d8fe7d320b424998361599ccfd48a1cf8696fefeb6250ff10cde88da177f | — | |
hash62d02474cc769d3cab2aa12a093a07776972223b914f999e3051ff34d00b3ada | — | |
hash62e985c1800955332d2f81a05b731c5eb5082ffa80d99e32a622baaff3386866 | — | |
hash640be033604953aa01064846b3cabb7f9831d23794401f66436748548c89aaea | — | |
hash6419a9f1d5d142246ad1527fc5848f8bf57982165833cdde0606489a8a793362 | — | |
hash64a6230835b9d42be6879cb6e7d9fcbcec31491b96bc596aea9f0d70b164d315 | — | |
hash658890ddc4ed28a6ac8e416a9ad5550354f49e1395271ec56096c46af1762a6f | — | |
hash66be7f342ad97b66e46d3671f8cfc8e75ee22776ee3435e4939a284d8e1765af | — | |
hash67207acc8d5369336287724e92f312f09482c72e3ca615404781f9d62df16a41 | — | |
hash679eff9afd6e7216ad398c64e44719355bff3c9eaa902c6533d19603ac6830a2 | — | |
hash697308bf72f54168fca249cf24949da3a23e5d9b1c2a089923091c556f75c809 | — | |
hash69ce8069af624404008d9e8840fd99f572c4877b4394fc4f519e45806fe91a63 | — | |
hash6b23f3bf6ab8545b13f72ebe526f6b9eebf880ce53cc22d7fe39206e53edd081 | — | |
hash6b5db31be7db9bf022a6894a560ad9e79a383eb79a3f63aa25483a6a715c856a | — | |
hash6b6c60ba3bff4b608c51464009464226c097a203c84216788e612a352b8b1cdc | — | |
hash6cb00b5b8848c3c29dba432d3058ff5c36b3b679e38fd591f06bacfb608d384a | — | |
hash6d7f1e57cf613a9549b137102445ab25399606976498bb79f61b8d18e8a89c74 | — | |
hash6db63a1217115a72f1b23de5004de88c5920fec5877033b176dbdd3018c59754 | — | |
hash6e4a1bcb789c0e578b3ed560d3329476cead062844cf2e8b4a064215f56ea720 | — | |
hash6eeec26ae16f365896e611a95358aaeb7bfa061d272a372fcbee5b60d523d44f | — | |
hash6f50d1abdcca48186f5532e6673e8fa1877437bc8eeae08b2fd9d1abb12b9c54 | — | |
hash70d2269a968d9b9ce2ef1083b8b51680d1358df7de6ca1a217ab245e2c8acd6b | — | |
hash7253d28215385400e7007a06b72c2a6fbe46574c7ea56de63a74133eb60ec617 | — | |
hash73d6ccf483f7a5d31705555541c205097c42856c611bb4648686ccfeeeaafcc3 | — | |
hash73efe5220e533e48a090b6f822e5887e7912c67e05f77fad3eb8eba3c4b5cec1 | — | |
hash7410d9c0d77d0bcdbfe5130d95bc35a832ccb793d1cd3a6a632c7b18280a386b | — | |
hash7437d570332d30bea94d9422177566b3d5b82d4f556e56636863c722c72b4b8b | — | |
hash7489e1edfdfe837efc7f23dca23b75624bab1ba34b87873feb5c98e78dd9952c | — | |
hash74c6089ec0c2c53a5bff9363371d09022fe057b5a8928896fdcc95049c9e56f4 | — | |
hash75188a71a976730c0b3001422423f81fc9839819eab5fec8927c441dd509581d | — | |
hash753f7e8ac73426581c05a7ef79b5110ff4156741b47ed12405b80511d267b714 | — | |
hash7629c7e26bb3a33ebc3d0dbf26dd528e8a697413915d2722eb828309f04f60be | — | |
hash7666496d011d1f5e535bad91a3bc1cbd767f0ccf1d2390a2a9fca52b40c84bb0 | — | |
hash76b7c41800672f646a3f79f7389bafc2752fc3f194bda63a77e6345ac4659612 | — | |
hash76da61f2737738689331b2fcc600b948d92317a985e3187d27d4e603674bdf64 | — | |
hash77205dd9643fc4b5ff4a2b535dce9ab373253a40e3bdd71e25e919d4d0705428 | — | |
hash7726f7c0260132bdefdb43c4b67cdcc6c1d773f312b6e5a38fb2da3076b33dcc | — | |
hash786b6d84bcdc34fc46c90f221b9d185e394660e6f29a633a2a3da8db731a2f24 | — | |
hash79002775e72f3fc405b972671c7d8c3b8bf1944d3281a646a3e4e8baeef958ee | — | |
hash79ad2921194c8a860ebb36f9ae2868d1ba28a80cc99415251e0fb92838a537c7 | — | |
hash79de00373b412cfa4186a3b155164752fbfea4ee8af1f3ac17667719eca35707 | — | |
hash79dfde57d55ed3ca0b1f45b91f1093d38dfeade35f3ffa25baf3e8fa648f52ca | — | |
hash7b40e382d014381f557981cc4052f9a8f5305bbdd7bac2ee1ef890383da162fb | — | |
hash7bd8050dab0f9f23593ccbc3a758d77eda7e8776caf4466b48c7a79a1535facb | — | |
hash7ce0eaf5db4d5dcdc261e459cc679a628b847b73f94ac2fc6cd2f79eb2da347b | — | |
hash7d22402044b7ddf94ae9e8d7a91174ddfd8c161358cddd7e0b7dab412df1cf72 | — | |
hash8192cdd6249d9a8ce4270985c97845e0fe5034650f3bcef99be71586a5309711 | — | |
hash8222733d044fdc7ffe9caffc8fa58df1955de843b4e4e39818fb2877575082c5 | — | |
hash82af1f2e8466b568ac431b3157ea432c5a73ec8d70c0d145f074527cb4abfd49 | — | |
hash83296b28eb5ac220c69d36a070467cb5edc740e5f0e8543269f29f4fa45d7ed6 | — | |
hash85c35dd82a067eb237a2c9e5e02fc8003b93983c961455d9f56adc0395294135 | — | |
hash85c3c8cc416b561600580e8d11b87a797a9f8d33cb2cc7feab8247dbe79ad2ac | — | |
hash87e31f2329269ac4299fbe6fffb6fb5959be1ce26e6fe675679cef0d3e2cea71 | — | |
hash89304b6060ffe6c9c68ca40e8d5bcca36314053a118a74d2e8c8013da946c279 | — | |
hash89fd8c8fa8a426c7823c7fe1154a378f8802a06035f434196a46f64122b3a18c | — | |
hash8ac4551ade7c9be8b272c31062cc06c5b0f767667b680bf81c714d5d42911756 | — | |
hash8bc6e1a6513f251fce92add10f222ba5bf9c6b8bc9373ec1cc19c45051c66335 | — | |
hash8c70356eed9df897263a58526146756a7a55a8d2cc06dd0896838a066d920fc9 | — | |
hash8d196ddb6b4927a002d3c10260f8968e2c5e7bcc4b3368a6392f38512fc0bb33 | — | |
hash8f3de3b44f166e5ed78ba0a78960af9c2953dd97af0c71a5f21599bca39753e0 | — | |
hash902f5662944fd86e30a691fdbcfb18a0e8579649f5ed57b6201981fa027cbf79 | — | |
hash91e52f1430ef150538228210f53e61d1b583008177ddb019602e6e4f4c6a0255 | — | |
hash929f42356f717fa25b814af198f20e47bb0e0e992a19059ca6201a8d1cdf9554 | — | |
hash9323ac7d4636441bd6f79ed9540009e9dfde6b15a8576847d9c24b89ef4ff85e | — | |
hash9378fc5ef232754b23541254c5b2d1429c9821fa9df3622f2cbede4b40cb851b | — | |
hash941d3c2b72d87e090d84d47c22a141c799a101ef0ac31a91e66b44185132bf69 | — | |
hash945cd9cac37159d3a80aa909bc8c93563328de044248d4a0e6ae390f7f81fc6c | — | |
hash95390187a277c2f4f71e72f060e3669a828cd3eacc3f4763928cf5c58054e0ad | — | |
hash95ca5425f0795ac1f3b6b430c0f9bf1a50ef478d6d6785445745217d2d4fc393 | — | |
hash973182e088867a18792d19e3d6dd3e3fb40a9cbed8009bf68a63d41cebe9828e | — | |
hash99ffacd06f6b4b765e3f47e50a69d3f068b172345b35fe3e68a1bad898e62385 | — | |
hash9a27da20a8ab9fd873ef52671358f84d231d795f0b601b7459a8b42a66d45759 | — | |
hash9a5d029e72b639dd0f456fb8f7557ff297f0dc4d1efb4d2b485de46c23968b6b | — | |
hash9b69b8090bfcc47051547c4aff61c47c8263679f5c2908a5a159665f8a465d15 | — | |
hash9b840413614cf3ee4a24bfe83671e0bfd6cff10bea97951fade74c8044e4972d | — | |
hash9d17a532056220054433850c92b21a163de0ca6592701142fbb0546465f8e267 | — | |
hash9dcc48e9885fbae67db0ccbb38b2d69992ab037adfc5d29c4f71f77a3fdadcd9 | — | |
hash9e34808a9841949bfcabd93d76e0a72a0f321126df1f48e067e5145d7e9e3616 | — | |
hasha3b840cd59234ca370014455a8890677982cb8d8cd19a4457775db49206b400a | — | |
hasha3beb775a42a4f2411101589a145f2214da30585977f786c099a6ceafe688f67 | — | |
hasha3d8c295bb63ace25f1953a87a2e2472041222f6081348f2feb9a8b62fa1ce07 | — | |
hasha4312577897f38c5330df315e4b24192c4309040cb4266a0d166dea2d7b0334a | — | |
hasha4bffc80371863a17d41210a009448797ddb79c052abe5bff5d9b7c53aac3e15 | — | |
hasha622d9ff0c2df4e84fe5c40e764bd4fdacc1eaae787c09037a8c3fd1d862a884 | — | |
hasha9e80d4112d10199949a57eec9aaf44e24be69cd7eab6ba516aff8be32d6ce49 | — | |
hashaa1e8d44297a00fa5c1a3037b6ffc2eb622a0361128bfb39fc133604631712b6 | — | |
hashaa8f97e39870a52413a67b359c464dff836f079139014265d43cd3eba66a2ee9 | — | |
hashab4a8ce83f7936a7a3350980a2aa2da9778e27c66e51956bb700f5f1fae18cb3 | — | |
hashab670f92a7cfed1f2830eaa8df073b57dcc212e47d068d914a06ab3c630d5baf | — | |
hashac476322fceda06aee00a239e13308d1447b2b37ce76638951ffe1886ff26c09 | — | |
hashac584f4bf9d332c8f2a29062a18435776a3607c039f5a190e341c4b739842616 | — | |
hashac8dea96712251093c24b114403ebed3fe8759951d2a08f537d73c711facf6ab | — | |
hashaca9c0a1de95f4f7880e39b74fcd22a9931fe18663c1aca462460e2eaafb670c | — | |
hashad9d82221d420824037a47664831364344c59e284d3ba797989b806078b3bb73 | — | |
hashb2021b92db1c276f998e6c0c8c013e74f6367e8e43c3e9446a78e3de5fa61e92 | — | |
hashb20e9af3c4b11446afbe8d3de36604e74563541d0480a0a2e0f8c694eb7e3b6a | — | |
hashb295724bd106811d13f0f51035e1ac1dcf1a253453caf50ddd4167b14b663081 | — | |
hashb44c4a59061ad57d5a0445e20d0cc29d09420c9967ddc2917447a4b628a9ca60 | — | |
hashb4c854ca0a600214474d5f766fbdb80a3af24fb3a413e363420975404b7dc726 | — | |
hashb5b1ada7b8c4ac1b85833e7457b41976b57d3ab4f376c8206a3fe0daa5663fdf | — | |
hashb60ab07de49f01e03d04e233b9d296c532f869ef5c55c455201d186d2bd8f2dd | — | |
hashb720af85cb166b7d554b2ad24a6f32c45da4cfc5a4c524030eca76a1f790ff26 | — | |
hashb8160fddfbadbd11f8205d65be49687eb6e6a7fa74e09f5fc7be25e3b3fea79e | — | |
hashb921a098a2ebee48cf1cfb73ecb356e79cd3ec48e2cc46a7e669f17491e931c9 | — | |
hashba35cd7a6b5ad342a65fa74b7e2e8c020c77b91b906a93a15bf02a5820f6a334 | — | |
hashbdda7c7040f9790274f549e5b29ee3bf2120ec473bd1e74276b7d22efff06ee5 | — | |
hashbde88b7cddbb10ac3bfe03500ae65b2a40fc28a8271744bf2bec695794ea35ab | — | |
hashbe63d2d2afc08627c2d24cf23183974fc0e842df56d3d63fcd0ac58feebe46d6 | — | |
hashbf157f7f230ade23f395d15e96c447a9f92c23705511e3a70dfd9ce5d67c9bce | — | |
hashbfcfc4dd196a0d1135bfb33fabee1eb45546287dbb1380b6cb73370194206d1e | — | |
hashc01f26fc6e31bc5b03783975f34a11a502a02339e340a4a334c39f7416c74fae | — | |
hashc09b33dcd75c85a518ef8628f17a223bf60c9d482ab43531803822675a083711 | — | |
hashc136d7beddeaff3056107cd212debeaf410f92e56cbc82b55c3c36947a942e9f | — | |
hashc145fa884087cce8618d365c33ebaedc289b87627c0db60aa345442ba1d68f44 | — | |
hashc3de8817e345bf165eb4ef895b53b1fb81332454e6e67336adf4dab74581f056 | — | |
hashc3fa491b373b82de8547f1813ef5f06a57f120e42ef3e304194321eb0612e3a0 | — | |
hashc4eacc1f979512a7a952d00962fabc90ed91b70d63c16370164478b46d19752d | — | |
hashc7aa72d3e835b5fabef5130ee316eb8708bbdccfd3b7d44eba5871c0d5c56a95 | — | |
hashc91f9ef587e4cce1cf97dbc8a62f7e734f0eb3611b8d474a6531a5aa11de3cb0 | — | |
hashc9295e5a87e0bff96136871c922946645907c359826a88eb65236a5b5ac99569 | — | |
hashcc96ca573ade4125a1eae3e09df7533aa5057c06348a9c2ef3b49a0678a2c7c0 | — | |
hashccbd7e7768661f916783ba1ca38a073b34bcfdc16e2c4baac8e7fdcd7bf527e1 | — | |
hashccdaf74c2eb1508d09f23b86f79546ae6ab8ffb03a7b47fe9d6a546d4e25fc9f | — | |
hashcd3e78bdacb91a8f6af1b8158886c0f17c694f032a83f16300cf9bd97b842296 | — | |
hashce6d5b11e3dc186154059bbbe1d7ba525c2b35bcdba1f153cad45994cb2d9b98 | — | |
hashcea9b158ed5aa388ab7da667f343f7345b2453c6ea7269a71b6569a10b6e7df8 | — | |
hashd0c31c3e8200a47a874c9215ee93bfed61299fb58d830f986e9dd71fcc3cdf3b | — | |
hashd45fbf98509c60b65d339796f9cb9bdcbb7858346bdd38b6313095b6bfe5a474 | — | |
hashd5cc3caaf32b7c9dffa90c00030c1e3a3a66fe9cfcdea78f6b16b3fa70f50ffe | — | |
hashd6246aedf5c17acbab371c3d15832cd14fee10e13f265912113d5b4e4362a911 | — | |
hashd6ccbedaee92fe82e96007c9170830df32d5673390ce50d54c98e69b5d28857d | — | |
hashd6f0227a7c4dc8493b5f6c417ebac7a30f0bf92f7e2088f77e70c313de41ef15 | — | |
hashd70b089c33f1c8b45c0dcd062e62d77bc2b297b1da22dd3521eaa9ebdab9a3bf | — | |
hashd9dc488b938deb0f8af528fcecc5696f1486e8d807c3e2ec21665203226f9d7e | — | |
hashda74128cd51562bc0a72251d4d6f905b634b851dc8ea461a6ad99354a12daf69 | — | |
hashdca323570a30629f330eb1a16457d6c695b15022556e9f61de2a50f3bd931a4c | — | |
hashdd6d54ef42c63214021861ddae545764e499a295b736999f9d8a947a3e0173b0 | — | |
hashdf4aea58af28d57f917a0abdd8fe6b2a7f7be813e5b823514c59df1acbec2c77 | — | |
hashdf6c70ac65628a9d448abcf596b1af3a775771d3ba121a424400a24f433f56bf | — | |
hashe00a5642240e0cdb42127cfc2284d21c51099b40b58d09e14fed9fafa51423c4 | — | |
hashe24ec87a2ca75e23a585c0695eddc1c825481093bbc3cbe54409ead37e527f6f | — | |
hashe26b1dee15ab0e8d70594d049140879a96979960f9b5d97f9a468a39b6f1265c | — | |
hashe3470d1d70642f8790523b623826d98bb357483cee019ac550abb348ee832159 | — | |
hashe37e0edd405a348899281092cd4b969fd67ea7b7425a9eabbbedb42f7dae5046 | — | |
hashe41c7eae55b42be4697853e6c67031a7bfbf5c0f35bd120e7f28fb4eb345b251 | — | |
hashe6afbe6fef2365d89a4dbb0e9552b41f795b4752e5032f5bdc92e781dbb25cd7 | — | |
hashe6eb6c347449657e1c4dc8ce1029c1543aaa323ba18f51123c05f1fc4ddbf792 | — | |
hashe84346e77a69588a1c7258e007f6e719176426bd7c0d0a46784f7fb8db665026 | — | |
hashe9dff07fc4a368078f9d2f631d6d73a836db0e2784082fcb7dc5b61fdca1b0e6 | — | |
hashea9b5b5bcb249fa4c2f9b58381414b2df886a25413597902deb8e90903178ec4 | — | |
hasheb6c431ecf7e04d8c166b93e0dae1426001def08859ab0cf544eba072ed8a579 | — | |
hashedc45d37c67a26ee1a6e3e020e7df3ce0200e85f861c9eb2bf881c21a61cd8f3 | — | |
hashef14f781fe133f0622c1a83ba9e10cded62a8a1ec10f44f5340ee28d5e2934f3 | — | |
hashef500c31ac0dbfd87107f4a3b0815cf0e646af6c85860461264eb8de06fbba29 | — | |
hashefbc993f028c4501596462969f22995e3c6ba19278d5cd226bade5d831cfe354 | — | |
hashf1a000807fabe0ec21adbc3729e40f6a8c1a2e999237392da854fba559cb0ece | — | |
hashf20dce1849c2cc2c9ca79808831b8b1d660dc4a295ef5272b8cda3ee75547e39 | — | |
hashf2efa0cc09aca10e8189fe4afb477d428f53eef2bd053de1bfb2c84f4231d930 | — | |
hashf2fb617e2288cf5bc34a35d4ac518c0506d1d0b3c23c91180a269922ee99ea33 | — | |
hashf3e402d6ab871ca9aafe77d5521103581f3e471f1106646023692f7a7e615bde | — | |
hashf470da2e04c1b7f51d7981d69e05e3ed80b743523329af5aeb887a15ec34b6db | — | |
hashf5e1bc6ef70eb4b4b8c93a2d8e77d584c35f7a04a511c7390feda87f13054c52 | — | |
hashf68228ac4d325bcca13f8821bcd9fb207c36697bf9a097a80de063e08f4ff940 | — | |
hashf7e40b7bb8db7a5ee5e50ea056c61bc9e4edb987986059a94f90e1f2cea0e4b5 | — | |
hashf832173317e88a6ae9a12a54b97761fe733c5431e7b10315a029716f8e26aba2 | — | |
hashf859144e977d02ce38eb00d579f3bc8e824af15d0a379bd6e305c09ab3a7fac4 | — | |
hashf92a52c5165a77828a7eeab01c2dedd86fd154ebfbeff314c76237e529024c6e | — | |
hashf9ef3b5d4ca512b5afb2d7a98222166543a8b06aeef4d50492a560b4575eb37c | — | |
hashfb19d39ef1f8cea3dbd3812bc5e2a127128afd5c40d5e605b5656f56efe5a099 | — |
Domain
| Value | Description | Copy |
|---|---|---|
domain1312services.ru | — | |
domain1312stealer.ru | — | |
domainbananasquad.ru | — | |
domaindieserbenni.ru | — |
Threat ID: 685465e2cd4c45acbcc20a48
Added to database: 6/19/2025, 7:32:50 PM
Last enriched: 6/27/2025, 7:05:27 AM
Last updated: 11/20/2025, 12:12:38 PM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads
MediumHelixGuard uncovers malicious "spellchecker" packages on PyPI using multi-layer encryption to steal crypto wallets.
MediumWEBJACK: Evolving IIS Hijacking Campaign Abuses SEO for Fraud and Monetization
MediumSophisticated Tuoni C2 Attack on U.S. Real Estate Firm Thwarted
MediumShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.