Back to Intelligence

NuGet Supply Chain Attack & LLM Jailbreaking: O-UNC-038 Phishing — Enterprise Detection Pack

SA
Security Arsenal Team
July 15, 2026
6 min read

Recent OTX pulses reveal a diverse set of high-risk threats targeting the software supply chain, AI infrastructure, and workforce trust. A sophisticated supply chain attack involves 11 malicious NuGet packages masquerading as game cheats (e.g., for Albion Online, GTA5RP) to deliver a surveillance payload (pepesoft.exe) capable of exfiltration via Telegram and Google Sheets. Simultaneously, threat actors are actively jailbreaking Large Language Models (LLMs) by framing malicious requests as legitimate CTF or CVE-hunting exercises to generate exploit code for applications like PraisonAI and LiteLLM. In parallel, a massive credential harvesting campaign dubbed "Operation Fake KickOff" (linked to adversary O-UNC-038) is abusing recruitment brands like Robert Half to infiltrate enterprise SaaS environments. The collective objective spans intelligence gathering, credential theft, and the automation of exploit generation.

Threat Actor / Malware Profile

Malware: Pepesoft.exe (Surveillance Dropper)

  • Distribution: Malicious .NET NuGet packages posing as game utilities/cheats.
  • Payload Behavior: Acts as a first-stage downloader. Requests UAC elevation to resync system time and fetches a second-stage PyInstaller payload (pepesoft.exe).
  • C2 Communication: Uses Telegram bot control and Google Sheets for telemetry. Employs DNS-over-HTTPS (DoH) to bypass local network controls.
  • Capabilities: Hardware fingerprinting, screenshot exfiltration, and host surveillance.

Adversary: O-UNC-038 (Operation Fake KickOff)

  • Profile: A financially motivated threat actor active since April 2025.
  • Tactics: Sophisticated multi-stage phishing, Adversary-in-the-Middle (AiTM) attacks, MFA bypass, and SaaS abuse.
  • Infrastructure: Utilizes over 232 phishing domains and 80 C2 servers, heavily impersonating HR consulting firms (Robert Half, Aquent).

Technique: LLM Jailbreaking via CTF Framing

  • Method: Manipulates upstream AI safety guardrails by presenting exploit requests as "Capture The Flag" challenges or security research tasks.
  • Target: AI platforms and specific applications (PraisonAI, LiteLLM, FastChat).
  • Outcome: Forces LLMs to generate functional exploit code leveraging vulnerabilities such as CVE-2026-39987.

IOC Analysis

The indicators provided cover a broad spectrum of the attack surface:

  • FileHash-SHA256: 39 hashes associated with the malicious NuGet packages and the pepesoft.exe payload. SOC teams should ingest these into EDR detection engines to block execution.
  • CVEs: 8 distinct CVEs (e.g., CVE-2026-39987, CVE-2026-42271) related to the LLM targeting. Vulnerability management teams must prioritize patching for these specific IDs in AI/ML platforms.
  • Domains: 2 sample phishing domains (fifahr-careers.com, adidas-hiring.com) representative of the O-UNC-038 infrastructure. These should be added to DNS sinkholes and web proxy blocklists immediately.
  • Operationalization: Hashes should be scanned for using EDR (CrowdStrike, SentinelOne). Domains require immediate DNS blocking. CVEs need scanning via Qualys/Tenable against the specific AI platforms mentioned.

Detection Engineering

YAML
---
title: Potential Malicious NuGet Package Execution - Pepesoft
id: 2c8f3a1b-4d5e-6f7a-8b9c-0d1e2f3a4b5c
description: Detects execution of suspicious processes often associated with the Pepesoft malware family delivered via malicious NuGet packages. Looks for pyinstaller-related processes and unusual use of system time resync.
status: experimental
author: Security Arsenal
references:
    - https://otx.alienvault.com/
date: 2026/07/15
tags:
    - attack.execution
    - attack.t1059.001
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        Image|endswith:
            - '\python.exe'
            - '\pyinstaller.exe'
        CommandLine|contains:
            - 'pepesoft'
            - '--uac'
    condition: selection
falsepositives:
    - Legitimate Python development
level: high
---
title: DNS-over-HTTPS (DoH) to Suspicious Endpoints
id: 3d9g4b2c-5e6f-7g8h-9i0j-1e2f3g4h5i6j
description: Detects processes utilizing DNS-over-HTTPS, a technique used by the Pepesoft dropper to bypass local controls and fetch payloads.
status: experimental
author: Security Arsenal
date: 2026/07/15
tags:
    - attack.command_and_control
    - attack.t1071.004
logsource:
    category: network_connection
    product: windows
detection:
    selection:
        Initiated: 'true'
        DestinationPort: 443
        DestinationHostname|contains:
            - 'dns.google'
            - 'cloudflare-dns.com'
    filter_main_legit:
        Image|endswith:
            - '\chrome.exe'
            - '\firefox.exe'
            - '\msedge.exe'
    condition: selection and not filter_main_legit
falsepositives:
    - Legitimate applications using DoH for privacy
level: medium
---
title: Credential Harvesting - Recruitment Phishing Domains
id: 4e0h5c3d-6f7g-8h9i-0j1k-2f3g4h5i6j7k
description: Identifies connections to domains mimicking recruitment firms, associated with O-UNC-038's Fake KickOff campaign.
status: experimental
author: Security Arsenal
date: 2026/07/15
tags:
    - attack.initial_access
    - attack.t1566.002
logsource:
    category: dns_query
    product: windows
detection:
    selection_keywords:
        QueryName|contains:
            - 'careers'
            - 'hiring'
            - 'jobs'
            - 'recruitment'
    selection_tlds:
        QueryName|endswith:
            - '.com'
            - '.net'
            - '.org'
    condition: selection_keywords and selection_tlds
falsepositives:
    - Legitimate job searching activity
level: low


kql
// Hunt for malicious NuGet-related processes and file creation
DeviceProcessEvents
| where Timestamp >= ago(7d)
| where ProcessVersionInfoOriginalFileName =~ "nuget.exe" or FileName =~ "nuget.exe"
| where ProcessCommandLine contains "restore" or ProcessCommandLine contains "install"
| join kind=inner (DeviceFileEvents
| where Timestamp >= ago(7d)
| where SHA256 in (
    "d5385526f2f3e52c7d96087611c6cd4e479bf61828400efdb3ca09406d981609",
    "9a2091e6625fc11cfd8f39c17aa271604e66322ee045028946274b988103e35b",
    "900ddb81d27e03967209fee4d17d13deb68eef0e1f10936eb520ca10575cb49e",
    "ab58a90eb3682c6dc3389cd700a64f68a19c0dac3d0fa8e3df97ae041f96d4e1",
    "e6e1049158ceb1971c61388349c81fa6047a7aecb4ff2089ef54a50dcc35dbc0",
    "d9f7ca9f93a7d188d51db308877b15d0beae932ca0bf4705384fbedf54b454c1",
    "4d13f1136b13c871c65141b77ec7208488334ac4be511800196adcd328666305",
    "011926de3d0cc2b970627b9bf0de003e731f8576602dff756d2ab54a9de61972"
))
| project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, FileName, FolderPath, SHA256


powershell
# IOC Hunt Script for Pepesoft and Phishing Domains
# Requires Administrator privileges

Write-Host "Starting Threat Hunt: Pepesoft & Fake KickOff" -ForegroundColor Cyan

# 1. Check for file hashes
$maliciousHashes = @(
    "d5385526f2f3e52c7d96087611c6cd4e479bf61828400efdb3ca09406d981609",
    "9a2091e6625fc11cfd8f39c17aa271604e66322ee045028946274b988103e35b",
    "900ddb81d27e03967209fee4d17d13deb68eef0e1f10936eb520ca10575cb49e",
    "ab58a90eb3682c6dc3389cd700a64f68a19c0dac3d0fa8e3df97ae041f96d4e1",
    "e6e1049158ceb1971c61388349c81fa6047a7aecb4ff2089ef54a50dcc35dbc0",
    "d9f7ca9f93a7d188d51db308877b15d0beae932ca0bf4705384fbedf54b454c1",
    "4d13f1136b13c871c65141b77ec7208488334ac4be511800196adcd328666305",
    "011926de3d0cc2b970627b9bf0de003e731f8576602dff756d2ab54a9de61972"
)

$drives = Get-PSDrive -PSProvider FileSystem
foreach ($drive in $drives) {
    Write-Host "Scanning drive $($drive.Root)..." -ForegroundColor Yellow
    Get-ChildItem -Path $drive.Root -Recurse -ErrorAction SilentlyContinue | 
    ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($hash -in $maliciousHashes) {
            Write-Host "[!] MALICIOUS FILE FOUND: $($_.FullName)" -ForegroundColor Red
        }
    }
}

# 2. Check hosts file for phishing domains
$phishingDomains = @(
    "fifahr-careers.com",
    "adidas-hiring.com"
)

$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
if (Test-Path $hostsPath) {
    $hostsContent = Get-Content $hostsPath
    foreach ($domain in $phishingDomains) {
        if ($hostsContent -match $domain) {
            Write-Host "[!] PHISHING DOMAIN FOUND IN HOSTS FILE: $domain" -ForegroundColor Red
        }
    }
}

Write-Host "Hunt Complete." -ForegroundColor Green

Response Priorities

  • Immediate:

    • Block all 39 SHA256 file hashes at the endpoint via EDR isolation policies.
    • Sinkhole the sample phishing domains (fifahr-careers.com, adidas-hiring.com) and hunt for broader *-careers.com or *-hiring.com typos in DNS logs.
    • Review outbound DNS-over-HTTPS traffic for anomalies not originating from approved browsers.
  • 24 Hours:

    • If credential-harvesting malware is suspected (O-UNC-038), initiate identity verification checks for HR and Finance staff.
    • Scan internal code repositories and build pipelines for the malicious NuGet package names mentioned.
    • Audit LLM/AI platform logs (PraisonAI, LiteLLM) for prompts containing "CTF", "CVE", or "exploit" to detect jailbreak attempts.
  • 1 Week:

    • Harden the software supply chain by enforcing package signing verification for all NuGet/PyPI repositories.
    • Implement strict input validation and sandboxing for LLM integrations within the development environment.
    • Conduct security awareness training focused on advanced phishing techniques mimicking recruitment workflows.

Related Resources

Security Arsenal Incident Response Managed SOC & MDR Services AlertMonitor Threat Detection From The Dark Side Intel Hub

darkwebotx-pulsedarkweb-aptnuget-supply-chainllm-jailbreakingo-unc-038credential-harvestingmalware-dropper

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.