If anyone cares…
Did a bit deeper investigation into one of the “spam-copies”. So far I have assumed them being exact copies of xIFr 2.12.0, but never checked every single line in all the files.
But I found out how to create a little powershell script comparing every file in two unpacked extensions. And it turns out there are two differences between the tagged 2.12.0 release in my repository and the “spam-copy”. One is reformatting and insertion of an “id” in the manifest file. I believe that is done by AMO when uploading an extension, so to be expected. The other one, is the inclusion of a single little extra commit I did into my repository the day after I tagged and packed version 2.12.0.
So in conclusion, the spammer did not just take the 2.12.0 release-version that can be found tagged and packed in my repository. But have packed it manually (zipping content of a folder) from a snapshot of my repository in the period July 16th - August 16th.
So note to myself. Careful calling it exact copies of version 2.12.0. But it is still only code from my repository.
There are still no response on the reported 9 new copies I have found posted since first “cleanup” in the middle of November. I hope Mozilla is “just” busy, and it is not because they have any doubts if extensions should be deleted or not?