← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Contagious Trader campaign - Coordinated weaponisation of cryptocurrency trading bots by suspected DPRK malware operators
WHITE DPRK (North Korea) Tr1sa111 2026-03-18 Modified: 2026-04-17
12
IOCs
MEDIUM VOLUME
pylangghostinvisibleferrettbigsquatratbeavertailtrading botslazarusgolangghostdprkcryptocurrencycontagious traderexfiltrationmalwaregithubnpmottercookie
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Contagious Trader BigSquatRAT OtterCookie Beavertail InvisibleFerrett GolangGhost PylangGhost
Indicators of Compromise (1 / 12 total)
All URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://65.109.25.6:6000/api/polymarket-copytrading-bot-api-key/validate 2026-03-18
References (1)
↗ https://kmsec.uk/blog/contagious-trader/