malware npm
endpointmap
discovered 2026-06-17

Metadata-only C2 store. lib/registry.js holds the XOR-encoded C2 host and path as byte arrays _ep and _p, disguised as 'endpoint registry constants'. No executable logic and no install hook, so the package is inert in isolation. The procwire dropper decodes _ep/_p with an XOR key derived from this package's OWN name (Buffer.from('endpointmap').slice(0,8) = 'endpoint'). Decoded C2: https://files.catbox.moe/j4loim.chk. Depends on bytecraft. Maintainer [email protected], fabricated GitHub org vpetrov-oss.
Threat types
c2_agent other
Malicious versions
- 2.1.0 · 269665980551cc2f…
