DPRK npm packages

The finest (and largest?) collection of malicious npm packages attributed to North Korea on the internet.

These npm packages facilitate FAMOUS CHOLLIMA's Contagious Interview campaign. FAMOUS CHOLLIMA is a threat actor assessed to be directed by the Democratic People's Repubic of Korea (DPRK, North Korea).

Want data from a specific time period? Manipulate the UNIX timestamp (in ms) in the start and end parameters of the URL.

Want json? GET json by appending a json URL parameter.

Showing 96 malicious npm releases from 79 distinct packages distributed between 2025-07-03 and 2025-08-02

Released	Package	IOCs
2025-08-01	strictor (1.0.1) 2025-08-01	`process-log-update-one.vercel.app` `ipapi.co` `https://process-log-update-one.vercel.app/api/ipcheck` `https://ipapi.co/` 0401c539f65446f155b646fd9a316b731c31020ecdef715ce28e157c5bab681c
2025-07-31	pixzen (1.0.1) 2025-07-31	`process-log-update-one.vercel.app` `ipapi.co` `https://process-log-update-one.vercel.app/api/ipcheck` `https://ipapi.co/` 0401c539f65446f155b646fd9a316b731c31020ecdef715ce28e157c5bab681c
2025-07-31	redux-saga-validator (12.14.1) 2025-07-31	4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 94e34bb2dc807a803af31779a3ce9c22464abb1951774685ba50e02c1d0e4e3b
2025-07-31	vite-singleparse (1.0.0) 2025-07-31	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-07-30	pretty-logo-maker (1.1.5) 2025-07-30	b4f2e8c273e2c05c19da96c807fbf4a6aa9ac1620afc4623a38d8d6ab2b81418
2025-07-30	pretty-logo-maker (1.1.4) 2025-07-30	b4f2e8c273e2c05c19da96c807fbf4a6aa9ac1620afc4623a38d8d6ab2b81418
2025-07-30	common-js-support (1.0.0) 2025-07-30	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-07-30	vite-styled-kit (1.0.0) 2025-07-30	`0927.vercel.app` `https://0927.vercel.app/api/ipcheck` 86bc1d097fda886b8dcfce5e374ab36915bc568c09607e62c401a5bda6a5ef0a
2025-07-30	vectorrise (1.0.1) 2025-07-30	`process-log-update-one.vercel.app` `ipapi.co` `https://process-log-update-one.vercel.app/api/ipcheck` `https://ipapi.co/` 0401c539f65446f155b646fd9a316b731c31020ecdef715ce28e157c5bab681c
2025-07-30	display-notifications (3.3.4) 2025-07-30	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-30	request-sentry (1.2.1) 2025-07-30	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 687e83c1e198b36cd8562c21c69a776cf6c5c31acadb6419f26805f61726a6a8
2025-07-30	node-log-stream (1.0.12) 2025-07-30	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-30	json-configs (8.9.8) 2025-07-30	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-30	vite-plugin-react-ping (8.9.8) 2025-07-30	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-30	vvite-plugin-react-ping (8.9.8) 2025-07-30	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-30	redux-lint-saga (12.14.1) 2025-07-30	4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 94e34bb2dc807a803af31779a3ce9c22464abb1951774685ba50e02c1d0e4e3b
2025-07-30	uxline (1.0.1) 2025-07-30	`process-log-update-one.vercel.app` `ipapi.co` `https://process-log-update-one.vercel.app/api/ipcheck` `https://ipapi.co/` 0401c539f65446f155b646fd9a316b731c31020ecdef715ce28e157c5bab681c
2025-07-29	react-router-purify (1.0.1) 2025-07-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-29	aetherlog (9.7.0) 2025-07-29	3d6542aceb6c1822200a9f06e125883f08ca1866c88db856ce8f21ce234a2117 6fc43b0d18ade3eda394aff4f9965c93c8c36620285a44528a32bef8697cba41
2025-07-29	viper-json-logger (9.7.0) 2025-07-29	3d6542aceb6c1822200a9f06e125883f08ca1866c88db856ce8f21ce234a2117 6fc43b0d18ade3eda394aff4f9965c93c8c36620285a44528a32bef8697cba41
2025-07-29	react-context-stylizer (1.0.1) 2025-07-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-29	request-guard (1.2.1) 2025-07-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 687e83c1e198b36cd8562c21c69a776cf6c5c31acadb6419f26805f61726a6a8
2025-07-29	autoprefixerx-plus (1.0.0) 2025-07-29	54bba7f3adeb988327169f954d3ca94c7e87513665300f5aaa4da78af8d76f73 e180670213176a5f4d61473cd59b5f97ee02d2a87be87a0a7bd586ef458b9c3f
2025-07-28	hashsentinel (1.0.1) 2025-07-28	`process-log-update-one.vercel.app` `ipapi.co` `https://process-log-update-one.vercel.app/api/ipcheck` `https://ipapi.co/` 0401c539f65446f155b646fd9a316b731c31020ecdef715ce28e157c5bab681c
2025-07-25	next-preconfig (1.0.0) 2025-07-25	5219a16479073c9e6a5395da1c82248c22ddf5f6155b6bceb2536dca4b6f1920
2025-07-25	web3-rtc (1.0.0) 2025-07-25	5219a16479073c9e6a5395da1c82248c22ddf5f6155b6bceb2536dca4b6f1920
2025-07-25	vite-plugin-reactjs-refresh (8.9.8) 2025-07-25	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-25	json-confs (8.9.8) 2025-07-25	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-24	uidraftism (1.0.1) 2025-07-24	0401c539f65446f155b646fd9a316b731c31020ecdef715ce28e157c5bab681c
2025-07-23	react-icon-maker (1.1.4) 2025-07-23	b4f2e8c273e2c05c19da96c807fbf4a6aa9ac1620afc4623a38d8d6ab2b81418
2025-07-23	vite-plugin-js-support (1.0.0) 2025-07-23	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-07-23	node-loggerx (0.3.1) 2025-07-23	9c9d94d52a4efbc4403feff4a33fab0127e4050309f389699cac25edc07b87f2 db13a75c7cd329f4b5aaac9a4cebb0f4f03c8bae61e4e2af2ca805fc34be14bc
2025-07-23	real-socket-rt (2.12.1) 2025-07-23	4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 94e34bb2dc807a803af31779a3ce9c22464abb1951774685ba50e02c1d0e4e3b
2025-07-23	redux-eslint-saga (12.14.1) 2025-07-23	4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 94e34bb2dc807a803af31779a3ce9c22464abb1951774685ba50e02c1d0e4e3b
2025-07-23	react-redux-stylizer (1.0.1) 2025-07-23	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-22	vite-plugin-image-loader (1.1.7) 2025-07-22	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `cdnjs.${e}` `https://cdnjs.${e}/ajax/libs/font-awesome/6.4.0/svgs/brands/` 999260760877f5600abf42f9a6bec74e1ed5a5abfb7e4f7c482fbc06fb495379
2025-07-22	request-helmet (1.2.1) 2025-07-22	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 687e83c1e198b36cd8562c21c69a776cf6c5c31acadb6419f26805f61726a6a8
2025-07-22	node-loggerx (0.3.0) 2025-07-22	9c9d94d52a4efbc4403feff4a33fab0127e4050309f389699cac25edc07b87f2 db13a75c7cd329f4b5aaac9a4cebb0f4f03c8bae61e4e2af2ca805fc34be14bc
2025-07-22	cookie-loggo (0.1.6) 2025-07-22	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-22	react-icon-maker (1.1.3) 2025-07-22	9c8b27cb100ee531811027a3bb4b400c5c4f3a74294c14562d6edee20fba9817
2025-07-22	cookie-loggo (0.0.6) 2025-07-22	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-22	react-icon-maker (1.1.2) 2025-07-22	fd7410cef37ac00963a435d9f9f23b485ad4186e1854fea643b701e38fc84461
2025-07-22	react-icon-maker (1.1.1) 2025-07-22	e7b4990034e7405015e264cab9d68aa902b493ad3e5ebaa5532a5a805ecb5680
2025-07-22	postcss-minify-theme (7.0.8) 2025-07-22	ae14d886d9848a35593ab08481c2bdc9513b8596ed07e64bcfb5858d1f83633b eb3c333a03cd83d8b0fcf8f07b7ade2570d8066068f69f502f905f384944637e
2025-07-22	postcss-minify-theme (7.0.7) 2025-07-22	ae14d886d9848a35593ab08481c2bdc9513b8596ed07e64bcfb5858d1f83633b eb3c333a03cd83d8b0fcf8f07b7ade2570d8066068f69f502f905f384944637e
2025-07-21	vite-postcss-kit (3.0.5) 2025-07-21	`process-log.vercel.app` `https://process-log.vercel.app/api/ipcheck` `localhost` `http://localhost:4444/api/ipcheck` `0927.vercel.app` `https://0927.vercel.app/api/ipcheck` 86bc1d097fda886b8dcfce5e374ab36915bc568c09607e62c401a5bda6a5ef0a dcde20e9104c953246a379a54c2292e49add6601c77898972fd37912c985f470
2025-07-21	vite-simpleparse (1.0.0) 2025-07-21	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-07-18	notification-clients (3.3.4) 2025-07-18	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-18	exceljs-ui (2.14.5) 2025-07-18	168fe2811a6e97411d7d7cb8175d163d288441412cd7004b1877f3570562af90 389985d2cbe4e87629f9ad62058582ff12566086ea48bb92c7f6fbf09db7df3a bbfd66bf6bcd2b08b142b583d127209f19007a3f2ab6d1a3b80d8694e1acb2e1
2025-07-18	exceljs-ui (2.14.4) 2025-07-18	168fe2811a6e97411d7d7cb8175d163d288441412cd7004b1877f3570562af90 389985d2cbe4e87629f9ad62058582ff12566086ea48bb92c7f6fbf09db7df3a bbfd66bf6bcd2b08b142b583d127209f19007a3f2ab6d1a3b80d8694e1acb2e1 f619221c183c333462e0c147d2f2e482967c3b95272455a08fe6b8a318174f69
2025-07-17	vite-postcss-helper (3.0.4) 2025-07-17	`http://localhost:4444/api/ipcheck` `https://process-log.vercel.app/api/ipcheck` `localhost` `process-log.vercel.app` `https://soc-log.vercel.app/api/ipcheck` `soc-log.vercel.app` 64d241638f40df05c6f0a18718f7298c9a9c6c02ab80187849dd31c8f9b4dfb8 dcde20e9104c953246a379a54c2292e49add6601c77898972fd37912c985f470
2025-07-17	router-kit (1.0.1) 2025-07-17	`https://ip-check-api.vercel.app/api/ipcheck/703` `ip-check-api.vercel.app` 96664a6b31dff64779cac22991666b53384c426efedb2b63e5acb372cdaf5737
2025-07-17	notifications-client (3.3.4) 2025-07-17	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-16	flowhint (1.0.2) 2025-07-16	`process-log-update-one.vercel.app` `ipapi.co` `https://process-log-update-one.vercel.app/api/ipcheck` `https://ipapi.co/` 0401c539f65446f155b646fd9a316b731c31020ecdef715ce28e157c5bab681c
2025-07-16	query-logger (1.2.1) 2025-07-16	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 687e83c1e198b36cd8562c21c69a776cf6c5c31acadb6419f26805f61726a6a8
2025-07-16	react-stylizer (1.0.1) 2025-07-16	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-16	flowhint (1.0.1) 2025-07-16	c321432fadaba806d031e30e1f11b3a01bb2074b490f8ad0b1900746658b30d5
2025-07-16	vite-log-plugin (1.0.1) 2025-07-16	810b447ef104a39612c76d02698ebef6f860cf3eb7c9eedce02ccd8042baaff4
2025-07-16	vite-postcss-bootstrap (0.0.4) 2025-07-16	`http://localhost:4444/api/ipcheck` `https://process-log.vercel.app/api/ipcheck` `localhost` `process-log.vercel.app` `https://soc-log.vercel.app/api/ipcheck` `soc-log.vercel.app` 64d241638f40df05c6f0a18718f7298c9a9c6c02ab80187849dd31c8f9b4dfb8 dcde20e9104c953246a379a54c2292e49add6601c77898972fd37912c985f470
2025-07-16	tailwind-theme-colors (1.0.0) 2025-07-16	`https://ip-check-server.vercel.app/api/ip-check/208` `ip-check-server.vercel.app` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-07-15	cookie-logger (3.8.2) 2025-07-15	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-15	vite-lightsparse (1.0.0) 2025-07-15	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-07-15	jsonlise-conf (8.9.8) 2025-07-15	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-15	vitejs-plugin-react-refresh (8.9.8) 2025-07-15	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-15	vite-postcss-nested (0.0.2) 2025-07-15	`http://localhost:4444/api/ipcheck` `https://process-log.vercel.app/api/ipcheck` `localhost` `process-log.vercel.app` `1215.vercel.app` `https://1215.vercel.app/api/ipcheck` 4d448236856c38a8795acba90829142ce73b3706a150b81866944048b31ebcf1 dcde20e9104c953246a379a54c2292e49add6601c77898972fd37912c985f470
2025-07-15	notifications-log (3.3.4) 2025-07-15	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-15	flowmint (1.0.1) 2025-07-15	c321432fadaba806d031e30e1f11b3a01bb2074b490f8ad0b1900746658b30d5
2025-07-15	vite-audit-plugin (1.0.1) 2025-07-15	c9e73abe39f222ca824f5567ac27981d582e548a5cba5ab8c0312adb59658670
2025-07-15	vite-logeidit (1.0.1) 2025-07-15	c321432fadaba806d031e30e1f11b3a01bb2074b490f8ad0b1900746658b30d5
2025-07-15	proc-log-cmd (1.0.1) 2025-07-15	c321432fadaba806d031e30e1f11b3a01bb2074b490f8ad0b1900746658b30d5
2025-07-15	stream-loggers (1.0.12) 2025-07-15	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-11	rc-logger (3.4.1) 2025-07-11	b74a9c3ad7c7e559b72a8c8818c27ab5e9a719ac022d1135ec12e104d143f32f
2025-07-10	config-log (1.0.3) 2025-07-10	b74a9c3ad7c7e559b72a8c8818c27ab5e9a719ac022d1135ec12e104d143f32f
2025-07-09	postcss-minify-theme (7.0.6) 2025-07-09	ae14d886d9848a35593ab08481c2bdc9513b8596ed07e64bcfb5858d1f83633b
2025-07-09	postcss-minify-theme (7.0.5) 2025-07-09	ae14d886d9848a35593ab08481c2bdc9513b8596ed07e64bcfb5858d1f83633b
2025-07-08	husky-logger (3.3.6) 2025-07-08	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-08	husky-logger (3.3.2) 2025-07-08	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-08	husky-logger (3.3.1) 2025-07-08	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` f290db50ffe64d4fb5fe409d3d1c8eca6f6711e4bbd85a13c9dce055508cc1b3
2025-07-08	vite-lightparse (1.0.0) 2025-07-08	`https://ip-check-server.vercel.app/api/ip-check/208` `ip-check-server.vercel.app` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-07-08	vite-usageit (1.0.1) 2025-07-08	c321432fadaba806d031e30e1f11b3a01bb2074b490f8ad0b1900746658b30d5
2025-07-07	node-mongodb-logger (3.8.2) 2025-07-07	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-07	node-mongo-orm (3.6.2) 2025-07-07	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-07	node-mongo-orm (3.5.2) 2025-07-07	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` f290db50ffe64d4fb5fe409d3d1c8eca6f6711e4bbd85a13c9dce055508cc1b3
2025-07-07	pino-req (1.2.0) 2025-07-07	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 687e83c1e198b36cd8562c21c69a776cf6c5c31acadb6419f26805f61726a6a8
2025-07-07	pino-req (1.1.5) 2025-07-07	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 687e83c1e198b36cd8562c21c69a776cf6c5c31acadb6419f26805f61726a6a8
2025-07-07	pino-req (1.1.4) 2025-07-07	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 687e83c1e198b36cd8562c21c69a776cf6c5c31acadb6419f26805f61726a6a8
2025-07-07	pino-req (1.1.3) 2025-07-07	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 687e83c1e198b36cd8562c21c69a776cf6c5c31acadb6419f26805f61726a6a8
2025-07-05	jsonlis-conf (8.9.8) 2025-07-05	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-04	querypilot (1.0.5) 2025-07-04	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-04	ecom-config (1.0.1) 2025-07-04	c321432fadaba806d031e30e1f11b3a01bb2074b490f8ad0b1900746658b30d5
2025-07-04	jsonskipy (1.0.11) 2025-07-04	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-04	jsonli-conf (8.9.6) 2025-07-04	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-04	jsonloggers (8.9.6) 2025-07-04	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-04	restpilot (1.0.11) 2025-07-04	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-04	nodestream-log (1.0.12) 2025-07-04	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c
2025-07-03	node-log-streamer (1.4.12) 2025-07-03	`https://log-server-lovat.vercel.app/api/ipcheck/703` `log-server-lovat.vercel.app` 419285d369ff0ebace833f59151cdc43412d7f8203c57f5bab831435f9f7457c

About this collection

FAMOUS CHOLLIMA has been facilitating the Contagious Interview campaign by deploying npm packages to the npm registry as early as August 2024. I have been actively tracking FAMOUS CHOLLIMA’s package distributions since ~February 2025 and in July 2025 I opened the collection to the public.

Every package and version listed here has been manually attributed to FAMOUS CHOLLIMA with high confidence based on the characteristics of the alleged maintainer, the package contents, the indicators, and the malware behaviour (if I’ve made a mistake, please contact me below).

The IOCs represent only the earliest stages of an infection chain. Typically these packages are designed to execute remote content that facilitates further infection (i.e. OtterCookie, BEAVERTAIL, et. al.) and involve more indicators than are visible here.

This collection is not an exhaustive list. Packages slip through my hunting and attribution process. Other researchers have discovered some too, but I believe this is the largest open collection of Contagious Interview npm packages on the internet.

My biggest competitor in terms of volume of packages identified (I think I’m winning for now 😉) is socket.dev, who have done a really great job of explaining the campaign in detail:

January 2025 - North Korean APT Lazarus Targets Developers with Malicious npm Package
March 2025 - Lazarus Strikes npm Again with New Wave of Malicious Packages
April 2025 - Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
June 2025 - Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages

Want to get in touch? Contact dprk-research[@]pm[.]me.