← All Threat Actors
Threat Actor Profile

Contagious Interview

BadClone Coral Sleet DeceptiveDevelopment DEV#POPPER G1052 Gwisin Gang NICKEL ALLEY PurpleBravo TAG-121 Tenacious Pungsan UNC5342
▲ High Threat
Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities.
Origin

Known TTPs

Keychain
Establish Accounts
File and Directory Discovery
Web Services
Non-Standard Port
Malicious Library
Remote Desktop Software
Masquerading
Malicious File
Virtualization/Sandbox Evasion
Exfiltration Over Web Service
Unix Shell
Malware
Code Repositories
Domains
Spearphishing via Service
Unix Shell Configuration Modification
Written Content
Disable or Modify Tools
Search Threat Vendor Data
Windows Command Shell
Financial Theft
Exfiltration Over Unencrypted Non-C2 Protocol
JavaScript
XDG Autostart Entries
Develop Capabilities
File Deletion
Tool
Launch Agent
Exfiltration Over C2 Channel
Social Media
Acquire Infrastructure
Encrypted/Encoded File
Exfiltration to Cloud Storage
Impersonation
Malicious Copy and Paste
Python
Gather Victim Identity Information
Virtual Private Server
Artificial Intelligence
Proxy
Symmetric Cryptography
Malicious Link
Mail Protocols
System Information Discovery
Search Open Websites/Domains
Command Obfuscation
Upload Malware
Visual Basic
Execution Guardrails
Social Media Accounts
Registry Run Keys / Startup Folder
Email Accounts
Audio-Visual Content

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD