Contagious Interview
Contagious Interview, DeceptiveDevelopment, Gwisin Gang, Tenacious Pungsan, DEV#POPPER, PurpleBravo, TAG-121
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. [Contagious Interview](https://attack.mitre.org/groups/G1052) targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail Invi...
Techniques: 52 | Covered: 43 | Gaps: 9 | Coverage: 83% (43/52)
COVERED (43)
- T1027.010 Command Obfuscation: 31 det.
- T1027.013 Encrypted/Encoded File: 7 det.
- T1036 Masquerading: 493 det.
- T1041 Exfiltration Over C2 Channel: 30 det.
- T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol: 20 det.
- T1059.003 Windows Command Shell: 79 det.
- T1059.004 Unix Shell: 149 det.
- T1059.005 Visual Basic: 66 det.
- T1059.006 Python: 43 det.
- T1059.007 JavaScript: 58 det.
- T1070.004 File Deletion: 40 det.
- T1071.003 Mail Protocols: 4 det.
- T1082 System Information Discovery: 80 det.
- T1083 File and Directory Discovery: 48 det.
- T1090 Proxy: 44 det.
- T1204.001 Malicious Link: 9 det.
- T1204.002 Malicious File: 397 det.
- T1204.004 Malicious Copy and Paste: 8 det.
- T1204.005 Malicious Library: 1 det.
- T1219.002 Remote Desktop Software: 48 det.
- T1480 Execution Guardrails: 1 det.
- T1497 Virtualization/Sandbox Evasion: 12 det.
- T1543.001 Launch Agent: 10 det.
- T1546.004 Unix Shell Configuration Modification: 14 det.
- T1547.001 Registry Run Keys / Startup Folder: 50 det.
- T1547.013 XDG Autostart Entries: 5 det.
- T1555.001 Keychain: 6 det.
- T1562.001 Disable or Modify Tools: 300 det.
- T1566.003 Spearphishing via Service: 85 det.
- T1567 Exfiltration Over Web Service: 44 det.
- T1567.002 Exfiltration to Cloud Storage: 27 det.
- T1571 Non-Standard Port: 16 det.
- T1583 Acquire Infrastructure: 1 det.
- T1583.001 Domains: 61 det.
- T1583.006 Web Services: 1 det.
- T1587 Develop Capabilities: 4 det.
- T1587.001 Malware: 9 det.
- T1588.002 Tool: 13 det.
- T1589 Gather Victim Identity Information: 1 det.
- T1593.003 Code Repositories: 2 det.
- T1608.001 Upload Malware: 2 det.
- T1656 Impersonation: 172 det.
- T1657 Financial Theft: 12 det.