DPRK npm packages

The finest (and largest?) collection of malicious npm packages attributed to North Korea on the internet.

These npm packages facilitate FAMOUS CHOLLIMA's Contagious Interview campaign. FAMOUS CHOLLIMA is a threat actor assessed with high confidence to be directed by the Democratic People's Repubic of Korea (DPRK, North Korea).

Want data from a specific time period? Manipulate the UNIX timestamp (in ms) in the start and end parameters of the URL.

Want json? GET json by appending a json URL parameter.

Showing 112 malicious npm releases from 93 distinct packages distributed between 2025-09-11 and 2025-10-11

Show timeline

Released	Package	IOCs
2025-10-11	vite-plugin-parseflow (2.0.1) 2025-10-11	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` fc0adb076f16d313da2d35c6970e5046f6dfa0452ae606c88f28fbefbbff41fb
2025-10-10	tailwind-utilx (1.0.3) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 71a920a861bf157e4b19b958673c108ffa6afbefabd950d3d6369d40a5348c98
2025-10-10	glowmotion (1.9.7) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-10-10	shadeforge (2.7.5) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-10-10	shadeforge (2.7.4) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-10-10	tailwindcss-setremotion (2.0.5) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-10-10	gridmancer (2.7.4) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-10-10	tailwind-setting (3.7.4) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 2e150e7794b1ababe441492aee68eb031f4cc1766a4ea7cd6f68e43c66741948
2025-10-10	tailwind-setting (3.7.3) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/` 57051d55e210c3cbca4e8d3fa95935fc5cd2b3c482a8926907d39ad86fdb648e
2025-10-10	tailwind-setting (3.7.2) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/` 57051d55e210c3cbca4e8d3fa95935fc5cd2b3c482a8926907d39ad86fdb648e
2025-10-10	lintcolor (2.5.4) 2025-10-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/` 03c5273a43d55a7d5673f1244d633371f17d3e7ae5e2fc65b70f4f2892d6cdd1
2025-10-10	tailwind-setting (3.7.1) 2025-10-10	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-10-10	react-alerts-template-basic (3.3.4) 2025-10-10	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-10-10	react-bindify-decorators (8.10.10) 2025-10-10	`23.` `ap` `http://23.` `https://ap` d27c9f75c3f1665ee19642381a4dd6f2e4038540442cf50948b43f418730fd0a
2025-10-10	bcrypt-js-edge (3.3.4) 2025-10-10	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 01652eb30cc8dcbfecbf89c2083ed5e0891beb06c609c39c0cd77739bb192daa 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c e2e99ccfb01b48120e5953b0be15b932a22f4e7e38fd629db257639bfcc007b9
2025-10-10	pino-logging (2.2.3) 2025-10-10	0b658c0bae71dbd8ad430cbeb9ab9e86bd478e620764c7c58aa892290faacd1f 92cb196443f9245e4dae427c290e033c6f8b9d24a5f6568e9fd6ae0168070cbb a7e9506b8d2391fde6695393fd75ff110f58ee46affb14a7ef940862b2bbea03 aa00a12f864ee3e2b2b2f81c672202503de133fd94c6c609b5586f526cb7af74
2025-10-10	lintcolor (2.5.3) 2025-10-10	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-10-10	vite-chunk-manager (2.0.6) 2025-10-10	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` d257fd53b36e36b0c29311ed74a6aa2c9a1884b3f1fc39ab6bdcebee15ce78f6
2025-10-09	webpack-css-load-branch (2.0.6) 2025-10-09	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-10-09	react-ui-toast (0.7.2) 2025-10-09	`23.` `ap` `http://23.` `https://ap` 3847cb6f8107f8a2b70c379e1f36b66de9e631cc694aed3e99aa4b1339cd4b84 4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 ab0b81ef26e1aa481bcd419a463dfcd0a0c62e56d67cdb10bdde85b741bd74da
2025-10-08	vite-react-chunker (2.0.6) 2025-10-08	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` d257fd53b36e36b0c29311ed74a6aa2c9a1884b3f1fc39ab6bdcebee15ce78f6
2025-10-08	vite-react-chunker (2.0.5) 2025-10-08	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` 7f4b9c79e82d78c6203d8834a1c7c47c022356e2f4abdb6c597e8b6a7072eecd
2025-10-08	webpack-load-css-branch (2.0.6) 2025-10-08	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-10-08	vite-chunk-tools (1.0.3) 2025-10-08	`api.np` `oint.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` edf310b49efec87b319bdcb8e32558ecb76eff9b45669322f19ba4ce1599b5de
2025-10-08	func-analys (1.3.1) 2025-10-08	db13a75c7cd329f4b5aaac9a4cebb0f4f03c8bae61e4e2af2ca805fc34be14bc fd907001e150cfd5bc723978881c5f5406f28c76f691d20c646aa160eb3adfeb
2025-10-07	pretty-format-setting (1.0.1) 2025-10-07	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-10-07	vite-plugin-vue-layout (1.1.4) 2025-10-07	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-10-06	vite-babel-plugin-es6-promise (1.0.1) 2025-10-06	`int.io` `json-project-hazel.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` 8931caa61cfd9e8d49fefbcb2ea710003573ccc3cb76c2266e05cd94bf32a5a4
2025-10-03	tailwind-style-components (1.0.3) 2025-10-03	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-10-02	chai-utils (8.9.8) 2025-10-02	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-10-02	mongodb-orn (3.1.2) 2025-10-02	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-10-02	lovable-ts (3.1.2) 2025-10-02	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-10-01	log4action (1.12.7) 2025-10-01	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-10-01	vite-plugin-parse (2.0.1) 2025-10-01	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` fc0adb076f16d313da2d35c6970e5046f6dfa0452ae606c88f28fbefbbff41fb
2025-10-01	vite-plugin-chunk-chop (2.0.6) 2025-10-01	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` ab6310c6878894cdb585f4196f586386a8dc723d839a3f5ceaf0c7a7a75ca5e5
2025-10-01	webpack-css-branch-loader (1.8.17) 2025-10-01	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-30	tailwindcss-remotion (2.0.5) 2025-09-30	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-30	tailwindcss-animatexs (2.0.5) 2025-09-30	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-30	vite-plugin-es6-babel (1.0.3) 2025-09-30	`int.io` `${domain2}` `${domain1}` `https://${domain2}/${uuid1}` `https://${domain1}/${uuid2}` 9c039d4d3d2d2178b4627e3369e4b7e9bd69afe6af9a804bb4cca4235f280793
2025-09-30	vite-plugin-es6-babel (1.0.2) 2025-09-30	`int.io` `${domain2}` `${domain1}` `https://${domain2}/${uuid1}` `https://${domain1}/${uuid2}` 5f1d2c25bf08fc23dee823658db403074fa6d0394f0be984df7411f090f4346a
2025-09-29	vite-next-loggers (8.9.8) 2025-09-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-29	nodemon-pkg (5.1.0) 2025-09-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-29	react-copack (5.1.0) 2025-09-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-29	mongodb-cd (3.1.2) 2025-09-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-29	lovable-js (3.1.2) 2025-09-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-29	js-notifiers (3.3.4) 2025-09-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-29	react-outcome-error-alert (3.3.4) 2025-09-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-29	orbital-ledger (6.3.2) 2025-09-29	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-29	react-icons-loader (25.9.29) 2025-09-29	`23.` `ap` `http://23.` `https://ap` d27c9f75c3f1665ee19642381a4dd6f2e4038540442cf50948b43f418730fd0a
2025-09-29	vite-configs-viewer (1.2.4) 2025-09-29	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-26	func-analyst (1.3.1) 2025-09-26	db13a75c7cd329f4b5aaac9a4cebb0f4f03c8bae61e4e2af2ca805fc34be14bc fd907001e150cfd5bc723978881c5f5406f28c76f691d20c646aa160eb3adfeb
2025-09-26	prettier-utils (1.0.6) 2025-09-26	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-25	auto-es6-ext (0.10.38) 2025-09-25	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-25	vite-plugin-opticompress (1.0.3) 2025-09-25	`api.np` `oint.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` edf310b49efec87b319bdcb8e32558ecb76eff9b45669322f19ba4ce1599b5de
2025-09-25	react-tediter (1.4.3) 2025-09-25	`23.` `ap` `http://23.` `https://ap` `bingo-logger.final` 1042b1753cc6b05fb83a62feba433105662dd7fe789daee40923b35e1551b6f6 4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 83c145aedfdf61feb02292a6eb5091ea78d8d0ffaebf41585c614723f36641d8 ab0b81ef26e1aa481bcd419a463dfcd0a0c62e56d67cdb10bdde85b741bd74da
2025-09-24	async-chai (2.3.0) 2025-09-24	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-24	async-chai (2.2.8) 2025-09-24
2025-09-24	cross-session (2.2.8) 2025-09-24	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-24	tailwindcss-animators (2.0.5) 2025-09-24	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-24	webpack-loader-css-branch (2.0.6) 2025-09-24	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-24	webpack-loader-css-branch (2.0.5) 2025-09-24
2025-09-23	vite-plugin-parse-js (2.0.1) 2025-09-23	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` fc0adb076f16d313da2d35c6970e5046f6dfa0452ae606c88f28fbefbbff41fb
2025-09-23	echats-js (2.4.2) 2025-09-23	`23.` `ap` `http://23.` `https://ap` 4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 83c145aedfdf61feb02292a6eb5091ea78d8d0ffaebf41585c614723f36641d8 ab0b81ef26e1aa481bcd419a463dfcd0a0c62e56d67cdb10bdde85b741bd74da
2025-09-23	chai-async (2.2.8) 2025-09-23	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-23	webpack-dev-serve-middleware (2.1.4) 2025-09-23	`api.npoint.io` `https://api.npoint.io/55d8db41f6701d040c83` 697375b72530cde41db84396e418d9611d591e3a99a4f3b892a89ab06f67d164
2025-09-23	res-notification (5.4.12) 2025-09-23	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c fa4504dadce521aaed859ad9891f215f6c6062487c6a9a85e1da3049543635d4
2025-09-23	webpack-dev-serve-middleware (2.1.3) 2025-09-23	`api.npoint.io` `https://api.npoint.io/55d8db41f6701d040c83` 697375b72530cde41db84396e418d9611d591e3a99a4f3b892a89ab06f67d164
2025-09-22	cross-sessions (2.2.8) 2025-09-22	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-22	nodelog-lite (9.7.7) 2025-09-22	6fb2eb6b6571d3706fbbac44dee6aaccc82b25dcd46af04573436883dfa7bc0f 6fc43b0d18ade3eda394aff4f9965c93c8c36620285a44528a32bef8697cba41
2025-09-22	node-dev-config (3.1.2) 2025-09-22	`23.` `ap` `http://23.` `https://ap` 4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 83c145aedfdf61feb02292a6eb5091ea78d8d0ffaebf41585c614723f36641d8 ab0b81ef26e1aa481bcd419a463dfcd0a0c62e56d67cdb10bdde85b741bd74da
2025-09-22	cli-color-ext (4.3.9) 2025-09-22	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-22	pino-node (2.3.4) 2025-09-22	0b658c0bae71dbd8ad430cbeb9ab9e86bd478e620764c7c58aa892290faacd1f 92cb196443f9245e4dae427c290e033c6f8b9d24a5f6568e9fd6ae0168070cbb a7e9506b8d2391fde6695393fd75ff110f58ee46affb14a7ef940862b2bbea03 aa00a12f864ee3e2b2b2f81c672202503de133fd94c6c609b5586f526cb7af74
2025-09-22	tailwindcss-config-overrides (1.0.3) 2025-09-22	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-22	tailwind-mui-modal (1.0.4) 2025-09-22	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-22	filiogrean-icon (3.23.8) 2025-09-22	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-22	tailwind-config-setting (1.0.1) 2025-09-22	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-22	react-content-parser (5.9.22) 2025-09-22	`23.` `ap` `http://23.` `https://ap` d27c9f75c3f1665ee19642381a4dd6f2e4038540442cf50948b43f418730fd0a
2025-09-18	dragon0905-vite-tsconfig-assistant (1.0.3) 2025-09-18	`ipapi.co` `process-log.vercel.app` `localhost:4444` `https://ipapi.co/${ip}/json/` `https://process-log.vercel.app/api/ipcheck` `http://localhost:4444/api/ipcheck` 49debd6c23265ef6e28f66d7b617fc4f1ca58b34b7da0f06d793a4ca552f45cd dcde20e9104c953246a379a54c2292e49add6601c77898972fd37912c985f470
2025-09-18	vite-tsconfig-assistant (1.0.3) 2025-09-18	`ipapi.co` `process-log.vercel.app` `localhost:4444` `https://ipapi.co/${ip}/json/` `https://process-log.vercel.app/api/ipcheck` `http://localhost:4444/api/ipcheck` 49debd6c23265ef6e28f66d7b617fc4f1ca58b34b7da0f06d793a4ca552f45cd dcde20e9104c953246a379a54c2292e49add6601c77898972fd37912c985f470
2025-09-17	reactify-utils (1.10.3) 2025-09-17	4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 5afcf303d40f1aa6eb3e6106f1364071534e4f4462ebccbf5ac2b9d0f3ecbaa8
2025-09-17	sessionfiy (2.2.8) 2025-09-17	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-17	renotistack (10.3.1) 2025-09-17	4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 5afcf303d40f1aa6eb3e6106f1364071534e4f4462ebccbf5ac2b9d0f3ecbaa8
2025-09-17	vite-plugin-chunk-chop (2.0.5) 2025-09-17	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` 7f4b9c79e82d78c6203d8834a1c7c47c022356e2f4abdb6c597e8b6a7072eecd
2025-09-16	vite-plugin-parse-json (2.0.1) 2025-09-16	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` fc0adb076f16d313da2d35c6970e5046f6dfa0452ae606c88f28fbefbbff41fb
2025-09-16	vite-plugin-optichunk (3.0.5) 2025-09-16	`api.np` `oint.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` edf310b49efec87b319bdcb8e32558ecb76eff9b45669322f19ba4ce1599b5de
2025-09-16	vite-plugin-parse-json (2.0.6) 2025-09-16	`int.io` `json-project-opal.vercel.app` `${H2}` `${H1}` `https://${H2}/${ID}` `https://${H1}/apikey/${KEY}` 575d045c7337bc6bdb1e7cca62d3480b23db8d5db35c9d538869ff8720360961
2025-09-16	vite-plugin-parse-json (2.0.5) 2025-09-16	`int.io` `json-project-opal.vercel.app` `${H2}` `${H1}` `https://${H2}/${ID}` `https://${H1}/apikey/${KEY}` 575d045c7337bc6bdb1e7cca62d3480b23db8d5db35c9d538869ff8720360961
2025-09-16	mongodb-ci (3.1.2) 2025-09-16	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-16	next-optimized-image (2.6.2) 2025-09-16	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` 31d0fc7aff5089e5b73a535a5bc454aef290bccb2c10743bcb314e5431eb4113
2025-09-16	tailwind-scrollmenu (1.2.4) 2025-09-16	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-16	next-plugin-uni-i18n (1.0.5) 2025-09-16	`int.io` `json-project-hazel.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` c187390910e62e85df0f12c707d52c213bc99d5e35ce4421b269c5e546df7b2a
2025-09-16	tailwind-icon-animate (1.0.4) 2025-09-16	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-15	vite-plugin-chunk (2.0.5) 2025-09-15	`int.io` `json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` ee50a2db45226f7af482d6db190a60f53e02ce201e71a7898fcddf764b8e5038
2025-09-15	epxresser (5.1.1) 2025-09-15	`ers.zip` `hardhat.co` `eeipapi.co` `fr` `139` `https://fr` `http://139` 4eeb5ad2650f2037b46fc0acd0b3fd771448fd3e9d81006630986dc8289318e0
2025-09-15	react-lovable (3.1.2) 2025-09-15	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-15	epxresser (5.1.0) 2025-09-15
2025-09-15	nodeapi-json (5.1.0) 2025-09-15	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-15	vite-next-logger (8.9.8) 2025-09-15	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-15	node-notifications (3.3.4) 2025-09-15	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-15	error-fallback (2.2.8) 2025-09-15	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-12	lovable-react (3.1.2) 2025-09-12	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-12	mongoose-ci (3.1.2) 2025-09-12	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-09-12	express-xmlrequest (2.2.8) 2025-09-12	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-12	next-plugin-uni-i18n (1.0.4) 2025-09-12	`int.io` `apikey-six.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` 72d9377e65277dfb9af01e8b881654002c04670a0f528895e629f8a6d7529773
2025-09-12	react-content-provider (10.3.0) 2025-09-12	4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 94e34bb2dc807a803af31779a3ce9c22464abb1951774685ba50e02c1d0e4e3b
2025-09-12	tailwind-classes-overrides (1.0.3) 2025-09-12	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-09-11	next-plugin-uni-i18n (1.0.3) 2025-09-11
2025-09-11	next-plugin-uni-i18n (1.0.2) 2025-09-11	`int.io` `apikey-six.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` 72d9377e65277dfb9af01e8b881654002c04670a0f528895e629f8a6d7529773
2025-09-11	eth-node-utils (8.9.8) 2025-09-11	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 7152d80fa0c826437afbb631bf398323072993cdd7e050274bc69a79940c380b afd78612ba232e2310231f4c62d9bae47961caf93fb8404b55a4da352a97fdb9
2025-09-11	babel-ganache (2.2.7) 2025-09-11	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-11	babel-ganache (2.2.6) 2025-09-11	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d
2025-09-11	babel-ganache (2.2.4) 2025-09-11	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 0291a2dc0118be5672c84c7ea7dce85e66361e3abf3b8d578342ef5a8d1c9bff 9c8fb5e271f95d21863626d46035c1327585bfe756719c7a13c30897722a479d

About this collection

FAMOUS CHOLLIMA has been facilitating the Contagious Interview campaign by deploying npm packages to the npm registry as early as August 2024. I have been actively tracking FAMOUS CHOLLIMA’s package distributions since ~February 2025 and in July 2025 I opened the collection to the public.

Every package and version listed here has been manually attributed to FAMOUS CHOLLIMA with high confidence based on the characteristics of the alleged maintainer, the package contents, the indicators, and the malware behaviour (if I’ve made a mistake, please contact me below).

The IOCs represent only the earliest stages of an infection chain. Typically these packages are designed to execute remote content that facilitates further infection (i.e. OtterCookie, BEAVERTAIL, et. al.) and involve more indicators than are visible here.

This collection is not an exhaustive list. Packages slip through my hunting and attribution process. Other researchers have discovered some too, but I believe this is the largest open collection of Contagious Interview npm packages on the internet.

My biggest competitor in terms of volume of packages identified (I think I’m winning for now 😉) is socket.dev, who have done a really great job of explaining the campaign in detail:

January 2025 - North Korean APT Lazarus Targets Developers with Malicious npm Package
March 2025 - Lazarus Strikes npm Again with New Wave of Malicious Packages
April 2025 - Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
June 2025 - Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages

Want to get in touch? Contact dprk-research[@]pm[.]me.