Contagious Interview

OriginCoreia do Norte

Techniques (MITRE ATT&CK)54

SourceMITRE ATT&CK

Also known as:DeceptiveDevelopmentGwisin GangTenacious PungsanDEV#POPPERPurpleBravoTAG-121

Vexday analysis

Alinhado à Coreia do Norte e ativo desde 2023, o Contagious Interview (também rastreado como DeceptiveDevelopment, Gwisin Gang, Tenacious Pungsan, DEV#POPPER, PurpleBravo e TAG-121) conduz operações tanto de ciberespionagem quanto com motivação financeira, incluindo o roubo de criptomoedas e credenciais de usuários. O grupo tem como alvo sistemas Windows, Linux e macOS, com foco particular em indivíduos que atuam no desenvolvimento de software e em atividades relacionadas a criptomoedas. Ao grupo são atribuídas 54 técnicas documentadas no MITRE ATT&CK, sob o identificador G1052.

Techniques (MITRE ATT&CK) 54

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Gather Victim Identity Information Search Open Websites/Domains Social Media Code Repositories Search Threat Vendor Data

Resource development

Acquire Infrastructure Domains Virtual Private Server Web Services Establish Accounts Social Media Accounts Email Accounts Develop Capabilities Malware Tool Artificial Intelligence Upload Malware Written Content Audio-Visual Content

Initial access

Spearphishing via Service

Execution

Windows Command Shell Unix Shell Visual Basic Python JavaScript Malicious Link Malicious File Malicious Copy and Paste Malicious Library

Persistence

Launch Agent Registry Run Keys / Startup Folder XDG Autostart Entries

Privilege escalation

Unix Shell Configuration Modification

Credential access

Keychain

Discovery

System Information Discovery File and Directory Discovery

Command and control

Mail Protocols Proxy Remote Desktop Software Non-Standard Port Symmetric Cryptography

Exfiltration

Exfiltration Over C2 Channel Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Web Service Exfiltration to Cloud Storage

Impact

Financial Theft

defense-impairment

Disable or Modify Tools

stealth

Command Obfuscation Encrypted/Encoded File Masquerading File Deletion Execution Guardrails Virtualization/Sandbox Evasion Impersonation

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

Contagious Interview uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →