A recent forensic analysis of attacks against the Akamai Security Intelligence Response Team’s custom large language model (LLM) honeypot revealed a sophisticated, custom-built threat that masquerades as benign system activity and uses decentralized networking to evade detection. This Go-based binary, identified as vc, operates as a high-threat peer-to-peer (P2P) remote access Trojan (RAT) that functions as a backdoor and cryptominer dropper. It can execute commands on the OS as the Ollama process owner. The binary is packed with UPX compression, which defenders can reverse using the standard UPX tool. We provide the steps for immediate mitigation and include a list of indicators of compromise (IOCs) in this blog post to assist in defense against this threat. The attack began with API requests targeting endpoint /api/create on port 11434.…
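To triage the initial-access step described above, the following added example (not code from the original post) scans server access-log lines for /api/create requests that did not come from loopback or an allowlisted network. The GIN-style log layout, the function names, and the sample lines with their documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the GIN-style layout is an assumption about the
# server's access log, and the addresses are documentation ranges.
SAMPLE_LOG = """\
[GIN] 2025/01/10 - 09:14:02 | 200 |  12.3ms |    127.0.0.1 | POST     "/api/generate"
[GIN] 2025/01/10 - 09:15:40 | 200 |   1.20s | 203.0.113.45 | POST     "/api/create"
[GIN] 2025/01/10 - 09:15:44 | 200 |   310ms | 203.0.113.45 | POST     "/api/create"
[GIN] 2025/01/10 - 09:16:01 | 200 |   2.1ms |     10.0.0.7 | GET      "/api/tags"
[GIN] 2025/01/10 - 09:17:30 | 200 |   900ms |    127.0.0.1 | POST     "/api/create"
[GIN] 2025/01/10 - 09:18:12 | 404 |   0.4ms | 198.51.100.9 | POST     "/api/create?x=1"
"""

LINE_RE = re.compile(
    r'^\[GIN\]\s+(?P<ts>\d{4}/\d{2}/\d{2} - \d{2}:\d{2}:\d{2})\s*\|\s*(?P<status>\d{3})'
    r'\s*\|[^|]*\|\s*(?P<ip>[0-9A-Fa-f:.]+)\s*\|\s*(?P<method>[A-Z]+)\s+"(?P<path>[^"]*)"'
)
WATCHED_PATH = "/api/create"  # endpoint named in the post

def is_trusted(ip_text, trusted_nets):
    """Loopback and explicitly allowlisted networks are treated as expected callers."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client field: do not trust it
    return ip.is_loopback or any(ip in net for net in trusted_nets)

def find_remote_creates(log_text, trusted=()):
    """Return (timestamp, client_ip, method, status) for each /api/create call
    that came from outside loopback and the allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        path = m["path"].split("?", 1)[0].rstrip("/")  # drop query string and trailing slash
        if path == WATCHED_PATH and not is_trusted(m["ip"], nets):
            hits.append((m["ts"], m["ip"], m["method"], int(m["status"])))
    return hits

def count_by_source(hits):
    """Requests per client address, to surface repeat callers."""
    return Counter(ip for _, ip, _, _ in hits)
```

Any hit on a host that was never meant to expose port 11434 beyond localhost is worth correlating with process and outbound-connection telemetry for the Ollama service account.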