DPRK npm packages

The finest (and largest?) collection of malicious npm packages attributed to North Korea on the internet.

These npm packages facilitate FAMOUS CHOLLIMA's Contagious Interview campaign. FAMOUS CHOLLIMA is a threat actor assessed to be directed by the Democratic People's Repubic of Korea (DPRK, North Korea).

Want data from a specific time period? Manipulate the UNIX timestamp (in ms) in the start and end parameters of the URL.

Want json? GET json by appending a json URL parameter.

Showing 135 malicious npm releases from 105 distinct packages distributed between 2025-11-06 and 2025-12-06

Released	Package	IOCs
2025-12-05	json-mappings (2.3.8) 2025-12-05	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4 d537bb75a39259a3e83e5e65ccf20bb5e62795992e2829095119daf1f0f817ea
2025-12-05	jsonify-setting (2.3.8) 2025-12-05	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4 d537bb75a39259a3e83e5e65ccf20bb5e62795992e2829095119daf1f0f817ea
2025-12-05	streamixer (2.3.7) 2025-12-05	7bfa769810c8b3178c75bc58ab6ef399dd4edf475daf09beef873854ad45acdd cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2025-12-05	express-sessions-id (3.6.9) 2025-12-05	9baef677ed280b80003b62d2c5247d3695afa3142cf36793f7d18dd425cbdcab cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2025-12-04	chai-nerd (1.1.7) 2025-12-04	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2025-12-04	passport-google-auth-token (1.0.7) 2025-12-04	`getApilatency.onrender.com` `getServerStatus.onrender.com` `getapilatency1.onrender.com` `getserverstatus1.onrender.com` `getapilatency2.onrender.com` `getserverstatus2.onrender.com` `https://getApilatency.onrender.com/checkStatus` `https://getServerStatus.onrender.com/checkStatus` `https://getapilatency1.onrender.com/checkStatus` `https://getserverstatus1.onrender.com/checkStatus` `https://getapilatency2.onrender.com/checkStatus` `https://getserverstatus2.onrender.com/checkStatus` 3bcc7e61e4e5540260a640685d30ffc5d82f5bc0d37ed3879836fd5723586505
2025-12-04	chai-uuids (2.3.7) 2025-12-04	9baef677ed280b80003b62d2c5247d3695afa3142cf36793f7d18dd425cbdcab cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2025-12-04	@maxcointech/simple-string-utils (1.0.7) 2025-12-04	`getApilatency.onrender.com` `https://getApilatency.onrender.com/checkStatus` bcc577b5f118677798674210098cdba3a639e2d34da6bdc8ea170076cf6a32dc f3b587e90a96f51781bb835926a8f5f2ba6b162fa51e54b1b6593430e5ba9a6d
2025-12-04	@maxcointech/simple-string-utils (1.0.5) 2025-12-04
2025-12-04	passport-google-auth-token (1.0.6) 2025-12-04
2025-12-04	passport-google-auth-token (1.0.5) 2025-12-04
2025-12-04	passport-google-auth-token (1.0.4) 2025-12-04
2025-12-04	passport-google-auth-token (1.0.3) 2025-12-04
2025-12-04	passport-google-auth-token (1.0.2) 2025-12-04
2025-12-04	passport-google-auth-token (1.0.0) 2025-12-04
2025-12-04	@maxcointech/simple-string-utils (1.0.4) 2025-12-04
2025-12-04	@maxcointech/simple-string-utils (1.0.3) 2025-12-04
2025-12-04	@maxcointech/simple-string-utils (1.0.2) 2025-12-04
2025-12-04	@maxcointech/simple-string-utils (1.0.0) 2025-12-04
2025-12-02	json-map-source (2.3.8) 2025-12-02	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4 d537bb75a39259a3e83e5e65ccf20bb5e62795992e2829095119daf1f0f817ea
2025-12-01	json-map-source (2.3.7) 2025-12-01
2025-12-01	streamlinear (2.3.7) 2025-12-01	7bfa769810c8b3178c75bc58ab6ef399dd4edf475daf09beef873854ad45acdd cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2025-12-01	older_morgan (1.0.2) 2025-12-01	`api-server-oj5h.onrender.com` `https://api-server-oj5h.onrender.com/checkServer` aae98d379e5d76b0103010ecaa36c8b2988b7c1b918efb956f72b7cfb9cbbb10
2025-12-01	older_morgan (1.0.1) 2025-12-01	`api-server-oj5h.onrender.com` `https://api-server-oj5h.onrender.com/checkServer` f064cb98dd791fe516a206ae5a8fc39bd09ebbf6742f3d0c50737b260f2dd3bf
2025-12-01	alder_morrgan (1.0.1) 2025-12-01	`api-server-oj5h.onrender.com` `https://api-server-oj5h.onrender.com/checkServer` ed75542889a4c45f3c7d9acce2622885444faf0603797386c30b78f0507c809d
2025-12-01	alder_morrgan (1.0.0) 2025-12-01
2025-11-26	chai-promised-chain (2.4.2) 2025-11-26	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2025-11-26	dotnetenv (1.1.7) 2025-11-26	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-26	chai-async (1.1.7) 2025-11-26	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2025-11-26	chai-as-validated (2.3.2) 2025-11-26	5230f0d52cb1fd3dc86b91f0133ffda9d0a9a0a59219b22d8caf4e40c270c82f f2a2fcc303758fc12a7e1d3c4dedff76a2c653f3759d931ac0597690ec25a20a
2025-11-26	database-mongoose-kit (2.1.0) 2025-11-26	836d5fe71e8ae3c10d41ee65a2f3b7e09ec442c21328045febd891ad62b3e7aa
2025-11-26	tailwindcss-containers (2.13.5) 2025-11-26	`ip-check-server.vercel.app` `https://ip-check-server.vercel.app/api/ip-check/208` fef4ab8cff67b796572028193f6605efb24014a0fc8366ec3b549122c3f07776
2025-11-25	react-svg-fill (1.0.0) 2025-11-25	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 002b0ace495286d7cae574d9423b6fabdc22cbe5317135290087bbf6759eac2a
2025-11-25	session-expire (2.4.1) 2025-11-25	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2025-11-25	js-uponcaps (7.2.7) 2025-11-25	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-25	chai-promised-expect (2.4.1) 2025-11-25	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2025-11-25	tailwindcss-flexbox (1.9.16) 2025-11-25	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-24	cookie-mapper (1.1.0) 2025-11-24	096152655b3fbe40fe778a11b431ae3fa2d119c59fee1234352ac8f209e90834 30a36f9425623e8d47de2ff2d9ae6f0b4f6878713ebfebd2f648986f2ae1a9c7
2025-11-24	smart-parser (2.0.1) 2025-11-24	836d5fe71e8ae3c10d41ee65a2f3b7e09ec442c21328045febd891ad62b3e7aa
2025-11-24	react-icon-updater (1.0.4) 2025-11-24	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` 8aa4e6789b8a59b009396882bfdc86742c004b588718898352f633a483dcef49
2025-11-24	chai-promise-chain (2.4.1) 2025-11-24	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2025-11-24	session-parse (2.4.1) 2025-11-24	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2025-11-24	react-icon-updater (1.0.3) 2025-11-24	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` ee2f6db718e43b731116dbf004782a017a14abbcd9261a427fbf1e2b9a47cca0
2025-11-24	react-icon-updater (1.0.2) 2025-11-24
2025-11-24	react-icon-updater (1.0.0) 2025-11-24
2025-11-24	bootstrap-setcolors (1.9.16) 2025-11-24	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-24	cookie-breaker (1.1.0) 2025-11-24	1507f1a7c2cedc8e038ffb7bd0191f06b454cb52ca3b322d312a1e054f06247a e140c749a79d7c7e130f05b34857c3d1c6e3c45114518c82ece0faa0fcce91fd
2025-11-24	jsonauthcap (7.2.7) 2025-11-24	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-23	tailwind-justify (0.2.5) 2025-11-23	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 2e150e7794b1ababe441492aee68eb031f4cc1766a4ea7cd6f68e43c66741948
2025-11-22	react-flex-tools (2.0.1) 2025-11-22	836d5fe71e8ae3c10d41ee65a2f3b7e09ec442c21328045febd891ad62b3e7aa
2025-11-22	auth-handler (2.5.8) 2025-11-22	f88bf74d01bf19debf71be3eb5e976b8006576628f9e6b95649d3ed72f9cd282
2025-11-22	assert-json-not (2.3.5) 2025-11-22	47bdb9996190a69fa20ef1bdf39202ddb31962783cf448a34b662a9c0c6f101d
2025-11-22	session-parer (2.3.8) 2025-11-22	f88bf74d01bf19debf71be3eb5e976b8006576628f9e6b95649d3ed72f9cd282
2025-11-22	session-keeper (2.5.5) 2025-11-22	a477324df585926bfb80a6ff2f02d5893681af585bdf617bbee374a055ea1d33
2025-11-22	session-keeper (2.4.5) 2025-11-22
2025-11-22	init-router (2.0.1) 2025-11-22	836d5fe71e8ae3c10d41ee65a2f3b7e09ec442c21328045febd891ad62b3e7aa
2025-11-22	json-panels (2.3.8) 2025-11-22	7556a33dbf82152987640132db378d0f4e0c210af6eb808ee3c405ead990fec9
2025-11-21	json-getin (7.2.7) 2025-11-21	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-21	chai-auth (5.1.0) 2025-11-21	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2025-11-21	bootstrap-setcolor (1.9.16) 2025-11-21	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-21	bootstrap-setcolor (1.9.15) 2025-11-21	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-21	bootstrap-setflexcolor (1.9.15) 2025-11-21	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-20	react-svgs-helper (1.0.0) 2025-11-20	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 002b0ace495286d7cae574d9423b6fabdc22cbe5317135290087bbf6759eac2a
2025-11-20	react-svg-supporter (1.3.4) 2025-11-20	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 002b0ace495286d7cae574d9423b6fabdc22cbe5317135290087bbf6759eac2a
2025-11-20	js-coauth (7.2.7) 2025-11-20	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-20	bootstrap-flexgrid (1.9.15) 2025-11-20	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-20	tailwind-gradient-image (1.2.1) 2025-11-20	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 2e150e7794b1ababe441492aee68eb031f4cc1766a4ea7cd6f68e43c66741948
2025-11-20	tailwind-morph (1.5.8) 2025-11-20	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-11-20	tailwindcss-setflexgrid (1.12.5) 2025-11-20	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-19	tailwind-dynamic (2.5.2) 2025-11-19	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-11-19	react-svg-bundler (1.7.6) 2025-11-19	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` a239adaea626c7032bc5e520a32f4f9c3543ffba52405660576aca5bc5db6024
2025-11-19	react-svg-bundler (1.7.5) 2025-11-19	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` 8252d5268acc37c09786c3c2de26dc20c4548fc483f1137498c77534077656e6
2025-11-19	react-svg-bundler (1.7.4) 2025-11-19	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` 59b778c3833ccf875cb04c49faac7f1d252e80beeac0d1a4f31e3e9dd9bcce8c
2025-11-19	react-svg-bundler (1.0.0) 2025-11-19	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` 59b778c3833ccf875cb04c49faac7f1d252e80beeac0d1a4f31e3e9dd9bcce8c
2025-11-19	chai-as-deployed (2.3.2) 2025-11-19	5230f0d52cb1fd3dc86b91f0133ffda9d0a9a0a59219b22d8caf4e40c270c82f f2a2fcc303758fc12a7e1d3c4dedff76a2c653f3759d931ac0597690ec25a20a
2025-11-19	tailwindcss-flexflow (1.12.5) 2025-11-19	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-19	chai-jsons (3.3.8) 2025-11-19	9baef677ed280b80003b62d2c5247d3695afa3142cf36793f7d18dd425cbdcab cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2025-11-19	chai-jsons (3.3.7) 2025-11-19
2025-11-19	tailwind-variance (2.9.5) 2025-11-19	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-11-18	json-oauth (7.2.7) 2025-11-18	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-18	react-svg-helper-fast (1.0.0) 2025-11-18	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 002b0ace495286d7cae574d9423b6fabdc22cbe5317135290087bbf6759eac2a
2025-11-18	jsonify-settings (7.7.7) 2025-11-18	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 496d5c6c93b32016ca1e06ec7f26128bcb65a00072fe1d19bd9f38d0b55aa6f0
2025-11-18	jsonauth (7.2.7) 2025-11-18	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-18	chai-pack (5.1.0) 2025-11-18	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2025-11-18	tailwindcss-setfontstyle (1.12.5) 2025-11-18	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-18	chai-status (2.4.2) 2025-11-18	9624e1f4ddbfdc3234c4d71012b0f5f649b0220a98222cf347c046d5e9206954
2025-11-18	react-resizable-text (1.3.2) 2025-11-18	`ap` `23.` `https://ap` `http://23.` 4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 6cf8723dd0673433945c269933aec333a301e86c007adcf6fa9187ce2d5bf9c3 ab0b81ef26e1aa481bcd419a463dfcd0a0c62e56d67cdb10bdde85b741bd74da
2025-11-17	tailwindcss-csstree (0.3.7) 2025-11-17	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 2e150e7794b1ababe441492aee68eb031f4cc1766a4ea7cd6f68e43c66741948
2025-11-17	tailwindcss-bootstrap-color (1.17.19) 2025-11-17	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-17	jsonrecap (3.1.8) 2025-11-17	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-15	tailwindcss-helpers (2.0.5) 2025-11-15	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-15	custom-log-viewer (1.0.0) 2025-11-15	`api-server-mocha.vercel.app` `https://api-server-mocha.vercel.app/api/ipcheck-encrypted/606` 382b3e48c42bd2c5e140dca254004137c028f175036393a6e339a902033a224e
2025-11-14	tailwindcss-setflexgrid (1.17.19) 2025-11-14	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-14	jsswapper (7.2.7) 2025-11-14	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-14	dotenv-intend (3.3.5) 2025-11-14	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2025-11-14	chai-test-await (3.3.5) 2025-11-14	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2025-11-13	chai-as-deployed (2.3.1) 2025-11-13	1b5371673bdd1b66a83e6b9aea8bad1c79ae77b2be22b298634a05ce0e7bacc2 6f2cf3e8b71576a681c58f1fa3e009d0d8330bb65f514721cbd1dd07bffef77b
2025-11-13	vite-dynachunk (2.0.9) 2025-11-13	`json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` 6576f70a30422518a3f5858ba619f3444a55e53027f7a33fa01c21e457eacccc
2025-11-12	initial-path (2.3.8) 2025-11-12	8df10611908ecad6ab82ad456eaf07c3dfed352d1c5d694ddf928fc4db3a85a3
2025-11-12	jsonapptoken (2.3.8) 2025-11-12	a5fced4c8f6622e77d3fb71bc6375a02249bba358c6925be6f411ff611d759bd
2025-11-11	tailwindcss-animation-helper (1.1.3) 2025-11-11	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 685e2958026032e04c3dcfa310b9b318488ed93cba37413e923bed691ecb7b5e
2025-11-11	multi-provider-settings (4.4.6) 2025-11-11	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` c95e13ac8cb60aecf5fa2eec2d311cf0e4fcfc59119d0e58dff038a78e802da1
2025-11-11	chai-as-deploy (2.4.1) 2025-11-11	1b5371673bdd1b66a83e6b9aea8bad1c79ae77b2be22b298634a05ce0e7bacc2 6f2cf3e8b71576a681c58f1fa3e009d0d8330bb65f514721cbd1dd07bffef77b
2025-11-11	tailwind-pulse (2.9.3) 2025-11-11	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-11-10	tailwindcss-svg-helper (1.18.0) 2025-11-10	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 685e2958026032e04c3dcfa310b9b318488ed93cba37413e923bed691ecb7b5e
2025-11-10	tailwindcss-svg-helper (1.17.9) 2025-11-10	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` a4b4aa217b3f402bf9cdcb17a538e53309fc28f78e003c49542d4edafd3103ed
2025-11-10	parse-session (2.4.1) 2025-11-10	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2025-11-10	chai-test-async (3.3.5) 2025-11-10	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2025-11-10	chain-test-async (3.3.5) 2025-11-10	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2025-11-10	tailwindcss-webfont-awesome (1.17.19) 2025-11-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-10	loger-parser (2.3.6) 2025-11-10	f88bf74d01bf19debf71be3eb5e976b8006576628f9e6b95649d3ed72f9cd282
2025-11-10	tailwind-inquirer (0.3.4) 2025-11-10	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 2e150e7794b1ababe441492aee68eb031f4cc1766a4ea7cd6f68e43c66741948
2025-11-10	jsonupper (5.1.0) 2025-11-10	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-10	jsoncap (5.1.0) 2025-11-10	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-10	react-svg-helper (1.0.0) 2025-11-10	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 002b0ace495286d7cae574d9423b6fabdc22cbe5317135290087bbf6759eac2a
2025-11-10	chai-as-sorted (2.3.11) 2025-11-10	21fbeafa3d85a30758ae29cb463766874b1c61844fe6563e261e222741506446 6f2cf3e8b71576a681c58f1fa3e009d0d8330bb65f514721cbd1dd07bffef77b
2025-11-09	chai-proxify (2.4.2) 2025-11-09	9624e1f4ddbfdc3234c4d71012b0f5f649b0220a98222cf347c046d5e9206954
2025-11-09	chai-as-sorted (2.3.10) 2025-11-09	21fbeafa3d85a30758ae29cb463766874b1c61844fe6563e261e222741506446 f2d2c26f0e7486708de6534ccad1bd359e275f5c60d577653cd1573a8ca4ba56
2025-11-09	tailwindcss-web-font-awesome (1.17.19) 2025-11-09	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-09	vite-support-kit (5.21.3) 2025-11-09	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 633b48b945d806487e1fead5f91a6089321f347d006fdcd5cfc7c4fc11022585
2025-11-09	tailwind-interact (3.35.2) 2025-11-09	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-11-09	tailwind-forms-plus (4.27.1) 2025-11-09	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-11-09	tailwind-grid-tools (2.58.4) 2025-11-09	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 048f05b4555c8949582bb2473fe365d605ce947aac58912681fd4d12e4bca5e1
2025-11-08	node-tailwind (2.1.3) 2025-11-08	`tetrismic.vercel.app` `https://tetrismic.vercel.app/api/ipcheck` 661959ad78383c9e77fe9b002738c96828aa9f6ddaba07e715c5583593a6914c
2025-11-07	chai-async-chain (2.4.1) 2025-11-07	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2025-11-07	js-cotype (4.1.4) 2025-11-07	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936
2025-11-06	chai-as-sorted (2.3.8) 2025-11-06	21fbeafa3d85a30758ae29cb463766874b1c61844fe6563e261e222741506446 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2025-11-06	vite-commonjs-support (1.8.3) 2025-11-06	`23.` `ap` `http://23.` `https://ap` 4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 58217842f155ffa36e7c9a7c2145edad4c2c35ba4d32bc23cafa5d39953d1ea5 ab0b81ef26e1aa481bcd419a463dfcd0a0c62e56d67cdb10bdde85b741bd74da
2025-11-06	chai-proxify (2.4.1) 2025-11-06	1eaa00ad9735e9b7b913919f2ce208cbf1633f774622e47bc09a759c9ae01227 82a6c2da57216b34974259d9d69bd09d34c5ad9e23c195d5f2de0f1b0d6a064e
2025-11-06	vite-chunk-master (2.0.9) 2025-11-06	`json-project-opal.vercel.app` `${domain2}` `${domain1}` `https://${domain2}/${uuid}` `https://${domain1}/apikey/${apikey}` 6576f70a30422518a3f5858ba619f3444a55e53027f7a33fa01c21e457eacccc
2025-11-06	tailwindcss-animation-style (1.17.19) 2025-11-06	`ip-ap-check.vercel.app` `https://ip-ap-check.vercel.app/api/ip-check/208` 6990dac643100576f7a70b053fa1663f8be205e11e937b7f47d2300bac61fdce
2025-11-06	grid-settings (14.1.3) 2025-11-06	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` bf8991896e0a47687c251c1797fa9825f80941484249429df3f65ddbfc62ead7
2025-11-06	grid-settings (14.1.2) 2025-11-06
2025-11-06	radix-ui-react-modal (1.1.16) 2025-11-06	`23.` `ap` `http://23.` `https://ap` 4aac106a4f36aba6433c7ded453d724307ee55616e240883cd46204549cf24b1 ab0b81ef26e1aa481bcd419a463dfcd0a0c62e56d67cdb10bdde85b741bd74da e9ee0fe9df901bbbe8d05f9f308ef960b52e5cacc8968f058449b31dbd3d5de1
2025-11-06	jsonauto (5.1.0) 2025-11-06	`23.` `ap` `http://23.` `https://ap` `log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9 68e6742e29531623c02b8ab7956769efe7183925b643145067850caf74539936

About this collection

FAMOUS CHOLLIMA has been facilitating the Contagious Interview campaign by deploying npm packages to the npm registry as early as August 2024. I have been actively tracking FAMOUS CHOLLIMA’s package distributions since ~February 2025 and in July 2025 I opened the collection to the public.

Every package and version listed here has been manually attributed to FAMOUS CHOLLIMA with high confidence based on the characteristics of the alleged maintainer, the package contents, the indicators, and the malware behaviour (if I’ve made a mistake, please contact me below).

The IOCs represent only the earliest stages of an infection chain. Typically these packages are designed to execute remote content that facilitates further infection (i.e. OtterCookie, BEAVERTAIL, et. al.) and involve more indicators than are visible here.

This collection is not an exhaustive list. Packages slip through my hunting and attribution process. Other researchers have discovered some too, but I believe this is the largest open collection of Contagious Interview npm packages on the internet.

Time permitting, I intend to share some technical details of my tracking and some notable findings (I really should update my blog). In the meantime, I recommend socket.dev’s series of posts on the campaign. They have done a really great job of reporting on the campaign in detail:

January 2025 - North Korean APT Lazarus Targets Developers with Malicious npm Package
March 2025 - Lazarus Strikes npm Again with New Wave of Malicious Packages
April 2025 - Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
June 2025 - Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
October 2025 - North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads - Thanks for the credit!

Want to get in touch? Contact dprk-research[@]pm[.]me.