
incidents.cremit.io

An index of real-world non-human identity (NHI) credential leak incidents. Operated by Cremit.

// status
Monitor running
// build
2026-07-04
// source
cremit · Seoul, South Korea
// license
CC BY 4.0

© 2026 Cremit. Free to reuse with attribution.


// publisher campaign · npm

harperdb_team

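All caught packages published by the npm account harperdb_team, along with the author and maintainer information the registry currently exposes. If the same email or name appears across multiple packages, that is strong evidence that one person operates several throwaway accounts.

↗ npmjs.com publisher · ↗ pypi.org user

  • Packages: 2 (unique names)
  • Detection events: 4 (versions × names)
  • Blast: — (total weekly downloads)
  • Activity period: 2026-06-03 → 2026-06-05 (first → most recent detection)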

// publisher OSINT

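Signals about the account itself. A short activity period makes a throwaway account more likely. The email domain shows at a glance whether an address is one-off webmail or a real organizational mailbox, and the same handle on several registries is strong grounds for treating them as the same operator. If a GitHub link turns up, it leads straight to real-name identification.

npm activity
  • registry package count: 68
  • first publish: 2019-10-07
  • latest publish: 2026-07-03
  • activity period: 2460 days
Same handle on other registries
  • npm /~harperdb_team: exists
  • pypi /user/harperdb_team: exists
  • github.com/harperdb_team: not found
Email domains
  • harperdb.io ×5
  • gmail.com ×2 (webmail)
  • tothsolutions.com ×1
  • cb1inc.com ×1
  • pm.me ×1
  • arrowood.dev ×1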

// exfil path

what is read → where it ships
steals
  • ● AWS keys
  • ● Chromium logins
  • ○ home dir
  • ○ system info
→
sends to

(no destination string extracted — payload may be dynamic / obfuscated)

Targets resolved from static-analysis flags; destinations extracted from the captured code excerpt. Full list + structured fields available in the IOC panel below.

// shared author identifiers

Cases where the same email or name appears in multiple packages within the campaign. This is direct attribution evidence, captured separately from the publisher account.

emails
  • opensource@harperdb.io: harper, @harperfast/harper
  • kriszyp@gmail.com: harper, @harperfast/harper
  • npm@harperdb.io: harper, @harperfast/harper
author names
  • harperdb, inc.: harper, @harperfast/harper

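// pattern footprint

How often each static-analysis flag matched across the campaign. A summary answer to "what kind of stealer is this campaign, in the end?"

  • public-github-push ×2
  • archive-then-upload ×2
  • reads-homedir ×2
  • reads-aws-creds ×2
  • reads-env-vars ×2
  • child-process-spawn ×2
  • reads-system-info ×2
  • reads-chromium-creds ×2
  • base64-decode ×2
  • hex-decode ×2
  • http-to-public-ip ×2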

// packages in this campaign

2 unique names · newest first
  • ↳ author: HarperDB, Inc. <opensource@harperdb.io> · maintainers: kriszyp <kriszyp@gmail.com>, harperdb_team <npm@harperdb.io>
  • ↳ author: HarperDB, Inc. <opensource@harperdb.io> · maintainers: dawsontoth <dawson@tothsolutions.com>, cb1kenobi <chris@cb1inc.com>, harperdb_team <npm@harperdb.io>, heskew <heskew@pm.me>, joshua_hdb <jjohnson@harperdb.io>, kriszyp <kriszyp@gmail.com>, ethan_arrowood <ethan@arrowood.dev>

// all activity registered on npm

All packages this account currently has on the registry (newest first). ● caught by the Cremit pipeline · ○ not yet detected. 2/68 caught.

  • ○
    @harperfast/template-vue-ssr-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-vue-ts-ssr-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-vue-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-vue-ts-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-react-ssr-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-react-ts-ssr-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-react-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-react-ts-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-vanilla-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/template-vanilla-ts-studio@ 1.10.3

    Your new app is now deployed and running on Harper Fabric!

    2026-07-03
  • ○
    @harperfast/agent@ 0.16.24

    AI to help you with Harper app management

    2026-07-02
  • ○
    @harperfast/oauth@ 2.1.2

    OAuth 2.0 authentication plugin for Harper

    2026-07-02
  • ●
    @harperfast/harper@ 5.1.15

    Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.

    2026-07-01
  • ●
    harper@ 5.1.15

    Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.

    2026-07-01
  • ○
    @harperfast/harper-pro@ 5.1.15

    Harper is a distributed database, caching service, streaming broker, and application development platform focused on performance and ease of use. Harper Pro includes replication, certificate management, profiling.

    2026-07-01
  • ○
    @harperfast/skills@ 1.10.8

    Best practices for making awesome Harper apps with your favorite Agent

    2026-06-29
  • ○
    @harperfast/rocksdb-js@ 2.3.0

    RocksDB binding for Node.js

    2026-06-25
  • ○
    @harperfast/rocksdb-js-win32-x64@ 2.3.0

    win32-x64 binding for rocksdb-js

    2026-06-25
  • ○
    @harperfast/rocksdb-js-win32-arm64@ 2.3.0

    win32-arm64 binding for rocksdb-js

    2026-06-25
  • ○
    @harperfast/rocksdb-js-linux-x64-musl@ 2.3.0

    linux-x64-musl binding for rocksdb-js

    2026-06-25
  • ○
    @harperfast/rocksdb-js-linux-x64-glibc@ 2.3.0

    linux-x64-glibc binding for rocksdb-js

    2026-06-25
  • ○
    @harperfast/rocksdb-js-linux-arm64-musl@ 2.3.0

    linux-arm64-musl binding for rocksdb-js

    2026-06-25
  • ○
    @harperfast/rocksdb-js-linux-arm64-glibc@ 2.3.0

    linux-arm64-glibc binding for rocksdb-js

    2026-06-25
  • ○
    @harperfast/rocksdb-js-darwin-x64@ 2.3.0

    darwin-x64 binding for rocksdb-js

    2026-06-25
  • ○
    @harperfast/rocksdb-js-darwin-arm64@ 2.3.0

    darwin-arm64 binding for rocksdb-js

    2026-06-25
  • ○
    @harperfast/vite@ 1.1.2

    Plugin for running Vite applications inside Harper

    2026-06-24
  • ○
    @harperfast/integration-testing@ 0.6.2

    Integration testing utilities for Harper-based projects. Provides Harper instance lifecycle management, loopback address pooling, and a test runner script.

    2026-06-20
  • ○
    harperdb@ 4.7.34

    HarperDB is a distributed database, caching service, streaming broker, and application development platform focused on performance and ease of use.

    2026-06-19
  • ○
    @harperfast/agent-tools@ 1.2.0

    Shares the basic schema for agent tools used by Harper.

    2026-06-18
  • ○
    @harperfast/schema-codegen@ 1.1.1

    Generate useful types from your Harper database schemas

    2026-06-17
  • ○
    @harperfast/datadog-agent-binary@ 7.75.5

    TypeScript package to download and build Datadog Agent from source for multiple platforms

    2026-06-09
  • ○
    @harperfast/datadog-agent-binary-windows-x86_64@ 7.75.5

    Datadog Agent binary for windows x86_64

    2026-06-09
  • ○
    @harperfast/datadog-agent-binary-macos-arm64@ 7.75.5

    Datadog Agent binary for macos arm64

    2026-06-09
  • ○
    @harperfast/datadog-agent-binary-linux-x86_64@ 7.75.5

    Datadog Agent binary for linux x86_64

    2026-06-09
  • ○
    @harperfast/datadog-agent-binary-linux-arm64@ 7.75.5

    Datadog Agent binary for linux arm64

    2026-06-09
  • ○
    @harperfast/datadog-agent-binary-macos-x86_64@ 7.75.5

    Datadog Agent binary for macos x86_64

    2026-06-02
  • ○
    @harperfast/symphony@ 0.4.0

    High-performance TLS proxy with SNI routing — Rust/napi-rs, Linux

    2026-06-02
  • ○
    @harperfast/symphony-linux-x64-musl@ 0.4.0

    symphony native binary for linux x64 musl

    2026-06-02
  • ○
    @harperfast/symphony-linux-x64-gnu@ 0.4.0

    symphony native binary for linux x64 glibc

    2026-06-02
  • ○
    @harperfast/symphony-linux-arm64-musl@ 0.4.0

    symphony native binary for linux arm64 musl

    2026-06-02
  • ○
    @harperfast/symphony-linux-arm64-gnu@ 0.4.0

    symphony native binary for linux arm64 glibc

    2026-06-02
  • ○
    @harperfast/symphony-darwin-x64@ 0.4.0

    symphony native binary for macOS x64

    2026-06-02
  • ○
    @harperfast/symphony-darwin-arm64@ 0.4.0

    symphony native binary for macOS arm64 (Apple Silicon)

    2026-06-02
  • ○
    @harperfast/nextjs@ 2.2.1

    A Harper plugin for running Next.js apps.

    2026-05-19
  • ○
    @harperdb/http-router@ 0.4.2

    A HarperDB Component for routing requests using the Edgio/Layer0 router API

    2026-05-06
  • ○
    @harperdb/acl-connect@ 1.0.10

    A component for defining pub/sub (MQTT) topics and their access control lists (ACLs) in HarperDB

    2026-04-29
  • ○
    @harperdb/nextjs@ 1.2.2

    A Harper extension for running Next.js apps.

    2026-04-03
  • ○
    @harperfast/cortex@ 1.0.6

    Open-source AI memory system powered by Harper Fabric. Clone, configure, deploy.

    2026-04-01
  • ○
    @harperfast/openclaw-memory@ 1.0.2

    Distributed long-term agent memory backed by Harper Cortex. Server-side embeddings, multi-agent sharing, zero API keys required.

    2026-03-31
  • ○
    @harperfast/cortex-mcp-server@ 1.0.2

    Remote MCP server that exposes Harper Cortex memory as tools to Claude, Cursor, Windsurf, and any MCP-compatible client

    2026-03-31
  • ○
    @harperfast/cortex-client@ 1.0.2

    Lightweight HTTP-only TypeScript client for Harper Cortex — no runtime, no embeddings, just fetch + auth

    2026-03-31
  • ○
    @harperdb/http-cache@ 1.2.1

    A HarperDB Component for caching HTTP requests/responses, allowing caching of data from HTTP-level components.

    2026-01-28
  • ○
    @harperfast/extended-iterable@ 1.0.3

    Extended iterable class, providing lazy array-like methods with automatic async and return/throw forwarding

    2026-01-23
  • ○
    @harperdb/oauth@ 1.2.0

    OAuth 2.0 authentication plugin for Harper

    2026-01-09
  • ○
    @harperdb/prometheus-exporter@ 1.1.3

    Harper Prometheus Exporter

    2025-11-17
  • ○
    @harperdb/code-guidelines@ 0.0.6

    Coding Guidelines for Harper repositories. Includes types, linting, and formatting.

    2025-10-21
  • ○
    @harperdb/akamai-sureroute-test-object@ 1.0.1

    A component for providing the sure route test object endpoint for Akamai load balancers

    2025-08-07
  • ○
    @harperdb/extended-iterable@ 1.0.1

    Extended iterable class, providing lazy array-like methods with automatic async and return/throw forwarding

    2025-07-08
  • ○
    @harperdb/apollo@ 1.2.0

    A HarperDB Component for running Apollo apps.

    2025-06-26
  • ○
    @harperdb/mcp-server@ 1.0.0

    An MCP server providing an interface for MCP clients to access data within Harper.

    2025-05-22
  • ○
    @harperdb/azure-secrets-to-environment@ 1.1.0

    This project accesses an Azure key vault and assigns the secrets to environment variables.

    2025-03-12
  • ○
    @harperdb/astro@ 0.0.2

    A HarperDB Component for running Astro apps.

    2025-03-06
  • ○
    @harperdb/status-check@ 1.0.2

    A Harper component for checking the status of the HarperDB instance.

    2025-02-11
  • ○
    @harperdb/nestjs@ 0.1.1

    A HarperDB Component for running Next.js apps.

    2025-01-24
  • ○
    @harperdb/create-component@ 0.2.1

    ```js npx @harperdb/create-component [directory] // or npm init @harperdb/component [directory] ```

    2024-10-25
  • ○
    @harperdb/hdb-cf-auth-azuread@ 1.0.1

    Azure AD auth for HarperDB Custom Functions

    2022-07-11
  • ○
    node-red-contrib-harperdb@ 0.0.7

    A HarperDB node for Node-RED

    2021-06-16
  • ○
    harperdb-client@ 0.0.2

    The missing JS client for HarperDB

    2019-10-07

  • public-github-push
  • archive-then-upload
  • reads-homedir
  • reads-aws-creds
  • reads-env-vars
  • child-process-spawn
  • reads-system-info
  • reads-chromium-creds
  • base64-decode
  • hex-decode
  • http-to-public-ip

  • AUTO-PUBLISHED/npm/2026-06-05

    harper · 2 versions · 5.0.26 → 5.0.28

    by harperdb_team

    Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.

    steals → AWS keys, Chromium logins → sends to https://json-schema.org/draft-06/schema
    public-github-push archive-then-upload reads-homedir reads-aws-creds reads-env-vars child-process-spawn reads-system-info reads-chromium-creds +3

    → Credential read (reads-aws-creds) combined with the external destination http-to-public-ip: a typical exfiltration pattern.

    weekly: — /wk
    llm verdict: malicious 0.95
    h-score: 40
    patterns: 11
    size: 40.0 MB
    versions: 35

  • AUTO-PUBLISHED/npm/2026-06-05

    @harperfast/harper · 2 versions · 5.0.26 → 5.0.28

    by harperdb_team

    Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.

    steals → AWS keys, Chromium logins → sends to https://json-schema.org/draft-06/schema
    public-github-push archive-then-upload reads-homedir reads-aws-creds reads-env-vars child-process-spawn reads-system-info reads-chromium-creds +3

    → Credential read (reads-aws-creds) combined with the external destination http-to-public-ip: a typical exfiltration pattern.

    weekly: — /wk
    llm verdict: malicious 0.95
    h-score: 40
    patterns: 11
    size: 40.0 MB
    versions: 34