TI Mindmap HUB
Threat Intelligence Report

Tracking an OtterCookie Infostealer Campaign Across npm

📅 April 16, 2026 📰 panther.com 🔍 0 CVE(s) referenced

North Korean threat actors are using a sophisticated two-layer npm package attack to steal credentials and plant SSH backdoors on developers’ machines, leveraging advanced obfuscation and persistent infrastructure linked to the OtterCookie infostealer campaign.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle