Exclusive Look Inside a Compromised North Korean APT Machine Linked to The Biggest Heist in History

2025-12-03 Hudson Rock

https://www.hudsonrock.com/blog/5692


Hudson Rock analyzed a LummaC2 infostealer log from a machine it identifies as the malware development rig of a high-level North Korean threat actor. The stolen credentials included [email protected], an address Silent Push had previously linked to the registration of bybit-assessment[.]com shortly before the $1.4 billion Bybit theft, which ties the infected machine to the broader DPRK infrastructure associated with that heist. Artifacts on the host included Visual Studio Professional 2019, Enigma Protector v7.40 (a commercial executable packer and protector), Astrill VPN usage through 104[.]223[.]97[.]2, Chinese (Simplified) browser settings, Korean translation activity, cryptocurrency wallet and BitPay troubleshooting, and use of Dropbox, Slack, and Telegram. The report also describes domains such as callapp[.]us and callservice[.]us carrying Zoom-themed subdomains, consistent with phishing infrastructure built to deliver malware through spoofed video-conferencing lures.

Indicators of Compromise

Type    Value                     First seen   Last seen
EMAIL   [email protected]         2025-02-25   2025-12-16
DOMAIN  bybit-assessment[.]com    2025-02-25   2025-12-10
IPv4    104[.]223[.]97[.]2        2024-09-23   2025-12-03
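The practical use of a table like this is to sweep it across your own DNS and proxy telemetry. The script below is an added example, not Hudson Rock's tooling: it refangs the published domain and IP indicators (the email indicator, which the page shows obfuscated, is omitted), matches domains by suffix so that Zoom-themed subdomains of callapp[.]us and callservice[.]us are caught, and rejects look-alike hosts that merely contain an indicator as a substring. The log lines are constructed for illustration; the timestamps, internal addresses and log format are assumptions.

```python
"""Sweep defanged IOCs across DNS and proxy log lines.

Added example, not code from the Hudson Rock report. Indicator values come
from the page above; every log line below is constructed for illustration.
"""
import re
from dataclasses import dataclass

# Indicators as published (defanged). Subdomains of the listed domains are
# matched by suffix because the report describes Zoom-themed hostnames
# hanging off callapp[.]us and callservice[.]us.
IOCS = {
    "domain": ["bybit-assessment[.]com", "callapp[.]us", "callservice[.]us"],
    "ipv4": ["104[.]223[.]97[.]2"],
}

# Constructed sample telemetry (hypothetical internal hosts and timestamps).
SAMPLE_LOGS = [
    # DNS query for a Zoom-themed subdomain of a listed phishing domain
    "2025-02-24T10:15:02Z dns client=10.0.0.14 query=zoom.callapp.us type=A",
    # outbound TLS to the published Astrill VPN exit address
    "2025-02-24T10:16:41Z proxy src=10.0.0.14 dst=104.223.97.2:443 action=allow",
    # benign host that only shares a substring with an indicator: must NOT hit
    "2025-02-24T10:17:05Z dns client=10.0.0.22 query=notcallapp.us type=A",
    # legitimate exchange traffic, unrelated to the look-alike indicator
    "2025-02-24T10:18:00Z proxy src=10.0.0.9 dst=www.bybit.com:443 action=allow",
]


def refang(value: str) -> str:
    """Turn defanged indicators ([.] and hxxp) back into matchable form."""
    return value.replace("[.]", ".").replace("hxxp", "http").lower()


def domain_matches(host: str, ioc_domain: str) -> bool:
    """Exact match or a true subdomain; trailing dot and case are ignored.

    'notcallapp.us' does not match 'callapp.us' because the label boundary
    ('.' + indicator) is required, not just a string suffix.
    """
    host = host.lower().rstrip(".")
    return host == ioc_domain or host.endswith("." + ioc_domain)


@dataclass
class Hit:
    line_no: int     # 1-based index into the scanned lines
    indicator: str   # refanged indicator that matched
    observed: str    # value as seen in the log line


# Hostnames: dotted labels ending in an alphabetic TLD, so bare IPs are
# not mistaken for domains. IPv4: four dotted octets on word boundaries.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def scan(lines):
    """Return a Hit for every indicator observed in the given log lines."""
    domains = [refang(d) for d in IOCS["domain"]]
    ips = {refang(i) for i in IOCS["ipv4"]}
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            for d in domains:
                if domain_matches(host, d):
                    hits.append(Hit(n, d, host))
        for ip in IPV4_RE.findall(line):
            if ip in ips:
                hits.append(Hit(n, ip, ip))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.observed} matched {h.indicator}")
```

Only the first two constructed lines should produce hits; the look-alike `notcallapp.us` and the legitimate `www.bybit.com` are the cases that a naive substring search over the table would get wrong. Treat the IP match with the same caution the report implies: it is a commercial VPN exit, so a hit is a lead for triage rather than proof of DPRK activity.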
