Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware
2025-04-24 • Silent Push
https://www.silentpush.com/blog/contagious-interview-front-companies/
Silent Push attributes a Contagious Interview campaign to DPRK-aligned operators using three fake cryptocurrency consulting companies: BlockNovas, Angeloper Agency and SoftGlide. The campaign uses job-interview lures, GitHub, and freelancer or recruitment sites to deliver the BeaverTail, InvisibleFerret and OtterCookie malware. Silent Push tied lianxinxiao[.]com to BeaverTail and InvisibleFerret command-and-control and staging activity, documented fake BlockNovas interview flows, and found infrastructure including skill-assessment sites, GitHub repositories, a status dashboard and Hashtopolis. The front companies also relied on AI-generated employee images and fake personas, reinforcing how this cluster blends social engineering, malware delivery and cryptocurrency targeting.
Indicators of Compromise