ZiChatBot — OceanLotus PyPI supply chain backdoor using Zulip API C2

tool · tool:ZiChatBot

Coverage timeline

first 2026-05-07 → last 2026-05-07

Briefs

1 distinct

Sources cited

1 hosts

Sections touched

research

Co-occurring entities

no co-occurrence

Story timeline

2026-05-07CTI Daily Brief — 2026-05-07
researchFirst coverage. Delivered via malicious PyPI packages; Zulip REST API as C2 channel; Windows and Linux variants; persistence via Registry/crontab. [SINGLE-SOURCE-OTHER]

Where this entity is cited

research1

Source distribution

securelist.com1 (100%)

All cited sources (1)

securelist.comprimaryinlineKaspersky Securelist, 2026-05-06https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/
source profile · cited in 2026-05-07

Items in briefs about ZiChatBot — OceanLotus PyPI supply chain backdoor using Zulip API C2

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.