Contagious Interview
Contagious Interview, DeceptiveDevelopment, Gwisin Gang, Tenacious Pungsan, DEV#POPPER, PurpleBravo, TAG-121
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. [Contagious Interview](https://attack.mitre.org/groups/G1052) targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail Invi...
Techniques: 56 | Covered: 44 | Gaps: 12 | Coverage: 79% (44/56)
GAPS (12)
- T1573.001 Symmetric Cryptography
- T1583.003 Virtual Private Server
- T1585 Establish Accounts
- T1585.001 Social Media Accounts
- T1585.002 Email Accounts
- T1588.007 Artificial Intelligence
- T1593 Search Open Websites/Domains
- T1593.001 Social Media
- T1681 Search Threat Vendor Data
- T1683.001 Written Content
- T1683.002 Audio-Visual Content
- T1684.001 Impersonation
COVERED (44)
- T1027.010 Command Obfuscation: 38 det.
- T1027.013 Encrypted/Encoded File: 8 det.
- T1036 Masquerading: 525 det.
- T1041 Exfiltration Over C2 Channel: 31 det.
- T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol: 21 det.
- T1059.003 Windows Command Shell: 82 det.
- T1059.004 Unix Shell: 155 det.
- T1059.005 Visual Basic: 68 det.
- T1059.006 Python: 49 det.
- T1059.007 JavaScript: 61 det.
- T1070.004 File Deletion: 42 det.
- T1071.003 Mail Protocols: 4 det.
- T1082 System Information Discovery: 86 det.
- T1083 File and Directory Discovery: 48 det.
- T1090 Proxy: 46 det.
- T1204.001 Malicious Link: 10 det.
- T1204.002 Malicious File: 425 det.
- T1204.004 Malicious Copy and Paste: 8 det.
- T1204.005 Malicious Library: 1 det.
- T1219.002 Remote Desktop Software: 50 det.
- T1480 Execution Guardrails: 1 det.
- T1497 Virtualization/Sandbox Evasion: 12 det.
- T1543.001 Launch Agent: 10 det.
- T1546.004 Unix Shell Configuration Modification: 14 det.
- T1547.001 Registry Run Keys / Startup Folder: 53 det.
- T1547.013 XDG Autostart Entries: 5 det.
- T1555.001 Keychain: 7 det.
- T1562.001 Disable or Modify Tools: 311 det.
- T1566.003 Spearphishing via Service: 88 det.
- T1567 Exfiltration Over Web Service: 45 det.
- T1567.002 Exfiltration to Cloud Storage: 29 det.
- T1571 Non-Standard Port: 16 det.
- T1583 Acquire Infrastructure: 1 det.
- T1583.001 Domains: 61 det.
- T1583.006 Web Services: 1 det.
- T1587 Develop Capabilities: 4 det.
- T1587.001 Malware: 10 det.
- T1588.002 Tool: 13 det.
- T1589 Gather Victim Identity Information: 1 det.
- T1593.003 Code Repositories: 2 det.
- T1608.001 Upload Malware: 3 det.
- T1656 Impersonation: 184 det.
- T1657 Financial Theft: 14 det.
- T1685 Disable or Modify Tools: 278 det.