PULSE NAME
Contagious Trader campaign - Coordinated weaponisation of cryptocurrency trading bots by suspected DPRK malware operators
WHITE | DPRK (North Korea) | Tr1sa111 | 2026-03-18 | Modified: 2026-04-17
12 IOCs | MEDIUM VOLUME
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Contagious Trader, BigSquatRAT, OtterCookie, BeaverTail, InvisibleFerret, GolangGhost, PylangGhost
Indicators of Compromise (12)