Contagious Interview
Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. [1][2][3][4][5][6][7][8]
| Name | Description |
|---|---|
| DeceptiveDevelopment | |
| Gwisin Gang | |
| Tenacious Pungsan | |
| DEV#POPPER | |
| PurpleBravo | |
| TAG-121 | |

| Domain | ID | | Name | Use |
|---|---|---|---|---|
| Enterprise | T1583 | | Acquire Infrastructure | Contagious Interview has used services such as Astrill VPN.[9][4] |
| | | .001 | Domains | Contagious Interview has registered domains to leverage in their social engineering campaigns.[4][5][8] Contagious Interview has also registered domains to utilize for C2.[9][12][1][13][14][15] |
| | | .003 | Virtual Private Server | Contagious Interview has acquired virtual private servers from services such as Stark Industries Solutions and RouterHosting.[2][7] Contagious Interview has also utilized … |
IoC
http://Tier.Net