Malware Abuse Using Bitbucket Snippets API


Hello Bitbucket Staff,

The following URL is used in a malware sample (word document) found in the wild and leads to malicious commands.


Entrypoint word document VB object segment leading to the URL (shortened using


Malicious MSHTA script dubbed as "blessed bypass" by the attacker:

Final payload bundle:


Please check the malicious account (supposedly with username "daddyjob") and take proper action.


This post pops up here because Bitbucket still offers NO official way to report abuse.

Please report abuse incidents to according to staff members.




Nic Brough -Adaptavist-
Community Leader
Oct 19, 2022

Atlassian have asked us to forward any malicious email to them at

That includes emails about, or from, malicious code hosted on Bitbucket, and even if you've not had an email and are getting this malware through a different route, you can still report the repository / user / service to the same address.

They don't need you to explain much either - if it's an email, just forward it, no commentary needed.  If it's a malware report, they only really need to know what the repository is (but the detail you've given in your post here would be very useful to them, and probably help get it taken down more easily).

But, don't email this one, I've asked an Atlassian to take a look at your post, so they don't need another report via email.  This way it also feeds into the things Atlassian are looking at to improve their abuse handling systems.

Andy Heinzer
Atlassian Team
Oct 19, 2022

Thanks for the report.  This repo has been taken down.  In the future you can email these directly to as well.  It is ok to report this here in Community as well, but we sometimes miss things here.



Thank you! I've edited my post so future viewers (and also myself) will see the email address.


