Contagious Interview

Active

Also known as: Contagious Interview, DeceptiveDevelopment, Gwisin Gang, Tenacious Pungsan, DEV#POPPER, PurpleBravo, TAG-121

🌍

Other

Active Since

2025

MITRE ID

G1052

Techniques

[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. [Contagious Interview](https://attack.mitre.org/groups/G1052) targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: Datadog Contagious Interview Tenacious Pungsan October 2024)(Citation: Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025)(Citation: ESET Contagious Interview BeaverTail InvisibleFerret February 2025)(Citation: Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023)(Citation: PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024)

MITRE ATT&CK Techniques

Recon5

T1593.003Code Repositories

T1589Gather Victim Identity Information

T1593Search Open Websites/Domains

T1681Search Threat Vendor Data

T1593.001Social Media

Resource12

T1583Acquire Infrastructure

T1588.007Artificial Intelligence

T1587Develop Capabilities

T1583.001Domains

T1585.002Email Accounts

T1585Establish Accounts

T1587.001Malware

T1585.001Social Media Accounts

+4 more

Initial1

T1566.003Spearphishing via Service

Exec9

T1059.007JavaScript

T1204.004Malicious Copy and Paste

T1204.002Malicious File

T1204.005Malicious Library

T1204.001Malicious Link

T1059.006Python

T1059.004Unix Shell

T1059.005Visual Basic

+1 more

Persist3

T1543.001Launch Agent

T1547.001Registry Run Keys / Startup Folder

T1547.013XDG Autostart Entries

PrivEsc1

T1546.004Unix Shell Configuration Modification

Defense8

T1027.010Command Obfuscation

T1562.001Disable or Modify Tools

T1027.013Encrypted/Encoded File

T1480Execution Guardrails

T1070.004File Deletion

T1656Impersonation

T1036Masquerading

T1497Virtualization/Sandbox Evasion

Creds1

T1555.001Keychain

Discovery2

T1083File and Directory Discovery

T1082System Information Discovery

Lateral0

Collect0

C25

T1071.003Mail Protocols

T1571Non-Standard Port

T1090Proxy

T1219.002Remote Desktop Software

T1573.001Symmetric Cryptography

Exfil4

T1041Exfiltration Over C2 Channel

T1048.003Exfiltration Over Unencrypted Non-C2 Protocol

T1567Exfiltration Over Web Service

T1567.002Exfiltration to Cloud Storage

Impact1

T1657Financial Theft

Known Victims

live · just now

No victims recorded in ransomware.live for this group.