← Back to Actors
Contagious Interview
Contagious InterviewDeceptiveDevelopmentGwisin GangTenacious PungsanDEV#POPPERPurpleBravoTAG-121
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. [Contagious Interview](https://attack.mitre.org/groups/G1052) targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail Invi...
56
Techniques
44
Covered
12
Gaps
79%
Coverage
Coverage44/56
GAPS (12)
T1573.001Symmetric CryptographyT1583.003Virtual Private ServerT1585Establish AccountsT1585.001Social Media AccountsT1585.002Email AccountsT1588.007Artificial IntelligenceT1593Search Open Websites/DomainsT1593.001Social MediaT1681Search Threat Vendor DataT1683.001Written ContentT1683.002Audio-Visual ContentT1684.001Impersonation
COVERED (44)
T1027.010Command Obfuscation38 det.T1027.013Encrypted/Encoded File8 det.T1036Masquerading572 det.T1041Exfiltration Over C2 Channel32 det.T1048.003Exfiltration Over Unencrypted Non-C2 Protocol22 det.T1059.003Windows Command Shell83 det.T1059.004Unix Shell165 det.T1059.005Visual Basic69 det.T1059.006Python51 det.T1059.007JavaScript63 det.T1070.004File Deletion43 det.T1071.003Mail Protocols4 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1090Proxy48 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1204.004Malicious Copy and Paste9 det.T1204.005Malicious Library1 det.T1219.002Remote Desktop Software52 det.T1480Execution Guardrails1 det.T1497Virtualization/Sandbox Evasion12 det.T1543.001Launch Agent10 det.T1546.004Unix Shell Configuration Modification14 det.T1547.001Registry Run Keys / Startup Folder53 det.T1547.013XDG Autostart Entries5 det.T1555.001Keychain7 det.T1562.001Disable or Modify Tools316 det.T1566.003Spearphishing via Service96 det.T1567Exfiltration Over Web Service46 det.T1567.002Exfiltration to Cloud Storage31 det.T1571Non-Standard Port17 det.T1583Acquire Infrastructure1 det.T1583.001Domains62 det.T1583.006Web Services1 det.T1587Develop Capabilities4 det.T1587.001Malware10 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1593.003Code Repositories2 det.T1608.001Upload Malware3 det.T1656Impersonation223 det.T1657Financial Theft15 det.T1685Disable or Modify Tools279 det.