Analysis of the North Korean Threat Actor Contagious Interview Campaign
2025-02-03 • Igloo • Analysis of the North Korean Threat Actor Contagious Interview Campaign
https://www.igloopedia.com/181f216a-760c-8026-8c0a-ce31a25bbb11
The report analyzes North Korean threat activity tied to the Contagious Interview campaign, where attackers pose as recruiters or employers and approach software developers through job-related channels. It describes malicious project or package delivery through services such as GitHub, NPM, and Bitbucket, with BeaverTail, Invisible Ferret, loaders, wallet theft, browser credential theft, system profiling, and backdoor behavior. Developers and security teams should verify recruiter identities and inspect downloaded coding tests in isolated environments.
Indicators of Compromise