Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
NVISO reports a new development in the Contagious Interview campaign. The threat actors have recently started using JSON storage services such as JSON Keeper, JSONsilo and npoint.io to host and deliver malware from trojanized code projects, with the lure being a use case or demo project presented as part of an interview process.
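A defender-side check for the delivery method described above, as an added example that is not taken from NVISO's report: it scans a code project for references to the three JSON storage services before anything in it is run. The base64 decoding pass, the function names and the sample input are assumptions of this example; the page does not say how the URLs are embedded in the projects.

```python
import base64
import binascii
import os
import re

# Domains of the three JSON storage services named in the summary above.
JSON_STORAGE_HOSTS = ("jsonkeeper.com", "jsonsilo.com", "npoint.io")
_HOSTS = "|".join(map(re.escape, JSON_STORAGE_HOSTS))
HOST_RE = re.compile(r"(?<![\w-])(?:[\w-]+\.)*(?:" + _HOSTS + r")\b[^\s'\"`]*", re.I)
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def _decode_b64(token):
    """Decode a base64-looking token to text, or return None."""
    try:
        padded = token + "=" * (-len(token) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan_text(text):
    """Return (line_no, kind, reference) for each JSON-storage reference found."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        findings += [(no, "plain", m.group(0)) for m in HOST_RE.finditer(line)]
        for token in B64_RE.findall(line):
            decoded = _decode_b64(token) or ""
            findings += [(no, "base64", m.group(0)) for m in HOST_RE.finditer(decoded)]
    return findings


def scan_tree(root):
    """Scan every file under root; return {path: findings} for files with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in files):
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue
            if hits:
                report[path] = hits
    return report

# Constructed sample (placeholder IDs): one plain URL, one base64-wrapped URL.
_HIDDEN = base64.b64encode(b"https://jsonkeeper.com/b/EXAMPLE").decode()
SAMPLE = f'const a = "https://api.npoint.io/EXAMPLE-ID";\nconst b = atob("{_HIDDEN}");\n'
```

A hit is a reason to read the surrounding code before installing dependencies or running the project, not proof of compromise, since these services also have legitimate uses.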
Background
Contagious Interview is a campaign aligned with Democratic People’s Republic of Korea (DPRK) actors that has been active since at least 2023, primarily aimed at financial gain to generate revenue for the regime. The campaign targets software developers across all major operating systems, including Windows, Linux, and macOS, with a particular focus on those involved in cryptocurrency and Web3 projects. Initial access is gained through social engineering tactics, such as ClickFix and fake recruiter profiles, delivering trojanized code during staged job interviews. The most common payloads deployed by this campaign are the BeaverTail and OtterCookie infostealers, along with the …
IoC