Trusted Design

Contagious Interview

アクターID: G1052

· MITRE Pageへのリンク

脅威アクターの詳細

Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: Datadog Contagious Interview Tenacious Pungsan October 2024)(Citation: Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025)(Citation: ESET Contagious Interview BeaverTail InvisibleFerret February 2025)(Citation: Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023)(Citation: PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024)

脅威アクターの別名・別称

Contagious Interview
DeceptiveDevelopment
Gwisin Gang
Tenacious Pungsan
DEV#POPPER
PurpleBravo
TAG-121

利用した攻撃手法

• T1033 - System Owner/User Discovery
• T1044 - File System Permissions Weakness
• T1491.002 - External Defacement
• T1546.013 - PowerShell Profile
• T1565.001 - Stored Data Manipulation
• T1606.002 - SAML Tokens
• T1087.002 - Domain Account
• T1071.005 - Publish/Subscribe Protocols
• T1120 - Peripheral Device Discovery
• T1091 - Replication Through Removable Media
• T1586.003 - Cloud Accounts
• T1098.007 - Additional Local or Domain Groups
• T1558 - Steal or Forge Kerberos Tickets
• T1547.005 - Security Support Provider
• T1131 - Authentication Package
• T1021.006 - Windows Remote Management
• T1183 - Image File Execution Options Injection
• T1218.008 - Odbcconf
• T1045 - Software Packing
• T1016 - System Network Configuration Discovery
• T1175 - Component Object Model and Distributed COM
• T1219.001 - IDE Tunneling
• T1064 - Scripting
• T1552.003 - Shell History
• T1562.010 - Downgrade Attack
• T1608.005 - Link Target
• T1087.004 - Cloud Account
• T1679 - Selective Exclusion
• T1102.003 - One-Way Communication
• T1199 - Trusted Relationship
• T1686.002 - Network Device Firewall
• T1597 - Search Closed Sources
• T1562.001 - Disable or Modify Tools
• T1565 - Data Manipulation
• T1564.009 - Resource Forking
• T1690 - Prevent Command History Logging
• T1056 - Input Capture
• T1030 - Data Transfer Size Limits
• T1027.004 - Compile After Delivery
• T1656 - Impersonation
• T1059.006 - Python
• T1591.004 - Identify Roles
• T1565.002 - Transmitted Data Manipulation
• T1601.001 - Patch System Image
• T1070.009 - Clear Persistence
• T1027.010 - Command Obfuscation
• T1651 - Cloud Administration Command
• T1221 - Template Injection
• T1126 - Network Share Connection Removal
• T1027.018 - Invisible Unicode
• T1547.008 - LSASS Driver
• T1556 - Modify Authentication Process

関連するCVE (攻撃手法に関連)

• CVE-2015-5130 (T1547.008)
• CVE-2015-5134 (T1547.008)
• CVE-2015-5539 (T1547.008)
• CVE-2015-5557 (T1547.008)
• CVE-2015-5563 (T1547.008)
• CVE-2015-5559 (T1547.008)
• CVE-2015-5561 (T1547.008)
• CVE-2015-5551 (T1547.008)
• CVE-2015-5564 (T1547.008)
• CVE-2015-5565 (T1547.008)
• CVE-2015-5550 (T1547.008)
• CVE-2015-5566 (T1547.008)
• CVE-2015-5127 (T1547.008)
• CVE-2015-5556 (T1547.008)
• CVE-2015-7261 (T1027.018)
• CVE-2015-8286 (T1565.002)
• CVE-2016-9494 (T1027.018)
• CVE-2016-9496 (T1027.018)
• CVE-2016-9495 (T1027.018)
• CVE-2014-7911 (T1597)
• CVE-2017-16929 (T1027.018)
• CVE-2014-0556 (T1547.008)
• CVE-2012-5054 (T1059.006)
• CVE-2013-2595 (T1597)
• CVE-2011-0611 (T1547.008)
• CVE-2017-0001 (T1547.008)
• CVE-2023-1389 (T1547.008)
• CVE-2016-1898 (T1027.018)
• CVE-2016-1897 (T1027.018)
• CVE-2015-0932 (T1059.006)
• CVE-2014-0322 (T1027.018)
• CVE-2015-2419 (T1027.018)
• CVE-2016-0189 (T1027.018)
• CVE-2015-3043 (T1027.018)
• CVE-2016-1990 (T1219.001)
• CVE-2016-1991 (T1219.001)
• CVE-2015-2852 (T1027.018)
• CVE-2015-2854 (T1027.018)
• CVE-2015-2853 (T1027.018)
• CVE-2016-1287 (T1547.008)
• CVE-2016-1562 (T1059.006)
• CVE-2012-0507 (T1547.008)
• CVE-2013-2465 (T1547.008)
• CVE-2013-7331 (T1059.006)
• CVE-2016-4117 (T1219.001)
• CVE-2025-68645 (T1027.018)
• CVE-2014-4114 (T1027.018)
• CVE-2015-1770 (T1027.018)
• CVE-2015-2545 (T1027.018)
• CVE-2017-0199 (T1027.018)
• CVE-2012-0158 (T1027.018)
• CVE-2013-3906 (T1221)
• CVE-2014-6352 (T1221)
• CVE-2015-0016 (T1027.018)
• CVE-2010-3333 (T1027.018)
• CVE-2010-0188 (T1027.018)
• CVE-2010-2884 (T1591.004)
• CVE-2013-0640 (T1591.004)
• CVE-2015-0310 (T1059.006)
• CVE-2015-5119 (T1027.018)
• CVE-2015-5122 (T1027.018)
• CVE-2012-1856 (T1027.018)
• CVE-2015-2546 (T1547.008)
• CVE-2014-6332 (T1027.018)
• CVE-2015-3090 (T1547.008)
• CVE-2015-2590 (T1027.018)
• CVE-2015-2424 (T1027.018)
• CVE-2015-0097 (T1027.018)
• CVE-2014-1761 (T1091)
• CVE-2015-2502 (T1027.018)
• CVE-2014-6271 (T1547.008)
• CVE-2014-4113 (T1027.018)
• CVE-2012-1889 (T1091)
• CVE-2016-1010 (T1547.008)
• CVE-2016-0984 (T1027.018)
• CVE-2016-0998 (T1547.008)
• CVE-2015-1641 (T1027.018)
• CVE-2015-1701 (T1027.018)
• CVE-2015-0313 (T1027.018)
• CVE-2015-0359 (T1027.018)
• CVE-2014-0329 (T1027.018)
• CVE-2015-5540 (T1547.008)
• CVE-2015-3628 (T1219.001)
• CVE-2015-6034 (T1059.006)
• CVE-2012-4969 (T1027.018)
• CVE-2015-6585 (T1175)
• CVE-2015-6022 (T1027.018)
• CVE-2015-8287 (T1059.006)
• CVE-2016-2343 (T1059.006)
• CVE-2017-0263 (T1547.008)
• CVE-2017-0261 (T1027.018)
• CVE-2017-0262 (T1027.018)
• CVE-2025-55182 (T1027.018)
• CVE-2015-0311 (T1027.018)
• CVE-2010-3081 (T1059.006)
• CVE-2012-3213 (T1027.018)
• CVE-2012-4792 (T1027.018)
• CVE-2015-0336 (T1547.008)
• CVE-2011-3544 (T1027.018)
• CVE-2015-3636 (T1597)
• CVE-2013-6282 (T1059.006)
• CVE-2015-3105 (T1030)
• CVE-2017-17215 (T1027.018)
• CVE-2013-0074 (T1027.018)
• CVE-2013-2551 (T1027.018)
• CVE-2012-4681 (T1027.018)
• CVE-2014-1776 (T1027.018)
• CVE-2012-1876 (T1027.018)
• CVE-2015-0057 (T1027.018)
• CVE-2012-2539 (T1027.018)
• CVE-2015-0071 (T1027.018)
• CVE-2012-1723 (T1027.018)
• CVE-2015-1761 (T1027.018)
• CVE-2014-8440 (T1027.018)
• CVE-2013-3660 (T1027.018)
• CVE-2010-0806 (T1027.018)
• CVE-2015-2360 (T1027.018)
• CVE-2014-4148 (T1027.018)
• CVE-2011-3402 (T1027.018)
• CVE-2014-6324 (T1027.018)
• CVE-2014-7247 (T1547.008)
• CVE-2013-2678 (T1027.018)
• CVE-2015-2426 (T1027.018)
• CVE-2008-1436 (T1059.006)
• CVE-2010-0232 (T1027.018)
• CVE-2010-4398 (T1027.018)
• CVE-2012-6422 (T1547.008)
• CVE-2015-4902 (T1547.008)
• CVE-2014-3897 (T1027.018)
• CVE-2015-2387 (T1027.018)
• CVE-2009-3129 (T1547.008)
• CVE-2010-2572 (T1027.018)
• CVE-2011-1255 (T1027.018)
• CVE-2013-5990 (T1547.008)
• CVE-2017-8570 (T1547.008)
• CVE-2012-0611 (T1027.018)
• CVE-2017-0143 (T1547.008)
• CVE-2025-24893 (T1547.008)
• CVE-2025-31125 (T1027.018)
• CVE-2025-34026 (T1027.018)
• CVE-2025-55183 (T1027.018)
• CVE-2025-55184 (T1027.018)
• CVE-2025-66478 (T1547.008)
• CVE-2026-20127 (T1027.018)
• CVE-2026-0723 (T1219.001)
• CVE-2012-1258 (T1059.006)
• CVE-2014-3153 (T1597)
• CVE-2025-54313 (T1021.006)
• CVE-2015-7645 (T1027.018)
• CVE-2016-2342 (T1608.005)
• CVE-2010-1297 (T1027.018)
• CVE-2013-0634 (T1547.008)
• CVE-2025-13335 (T1059.006)
• CVE-2015-3785 (T1597)
• CVE-2012-0056 (T1059.006)
• CVE-2017-12149 (T1027.018)
• CVE-2015-5897 (T1597)
• CVE-2015-3113 (T1030)
• CVE-2015-4495 (T1030)
• CVE-2016-1019 (T1547.008)
• CVE-2016-1001 (T1547.008)
• CVE-2014-4322 (T1597)
• CVE-2014-0497 (T1030)
• CVE-2014-8439 (T1030)
• CVE-2014-0569 (T1219.001)
• CVE-2014-0515 (T1219.001)
• CVE-2015-5560 (T1219.001)
• CVE-2014-9163 (T1219.001)
• CVE-2014-3393 (T1547.008)
• CVE-2014-2273 (T1597)
• CVE-2010-0738 (T1547.008)
• CVE-2015-7755 (T1608.005)
• CVE-2015-3456 (T1597)
• CVE-2017-3212 (T1059.006)
• CVE-2017-7255 (T1565.002)
• CVE-2015-5749 (T1030)
• CVE-2010-2883 (T1591.004)
• CVE-2025-13927 (T1059.006)
• CVE-2026-1102 (T1059.006)
• CVE-2013-0641 (T1591.004)
• CVE-2010-1553 (T1547.008)
• CVE-2013-2094 (T1027.018)
• CVE-2015-8562 (T1027.018)
• CVE-2015-6036 (T1027.018)
• CVE-2015-1427 (T1547.008)

Actor – Pulse グラフ

---

← 脅威アクター一覧に戻る