Additional Notes on the Trevor Greer Infostealer Logs
Contents
A recent post by Hudson Rock detailed information derived from infostealer logs tied to activity associated with the Trevor Greer persona, you know the one trevorgreer9312@gmail[.]com. That write up provides some context around the data and places it with broader reporting on North Korean IT worker activity. If you haven’t seen it, the article can be found here:
While I had originally planned to do a more comprehensive write up of the logs there’s a more detailed write up already written by Slapdash Safeguards that goes into additional detail about the contents of the logs, beyond what Hudson Rock covered: https://www.sdsg.moe/entry/2025/12/10/233030?_x_tr_sl=ja&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=sc
Before going further it’s worth clarifying that just having the presence of a DPRK linked persona in some infostealer logs does not mean that this is directly connected to the Bybit incident itself. Additionally, much of the data appears to be over a year old. AT this point, it is unclear …
While I had originally planned to do a more comprehensive write up of the logs there’s a more detailed write up already written by Slapdash Safeguards that goes into additional detail about the contents of the logs, beyond what Hudson Rock covered: https://www.sdsg.moe/entry/2025/12/10/233030?_x_tr_sl=ja&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=sc
Before going further it’s worth clarifying that just having the presence of a DPRK linked persona in some infostealer logs does not mean that this is directly connected to the Bybit incident itself. Additionally, much of the data appears to be over a year old. AT this point, it is unclear …