Now that the cat is out of the bag regarding the use of front companies like BlockNovas LLC
2025-04-25 • Team Cymru
The archived post ties BlockNovas and related Contagious Interview activity to Russian TransTelecom IP infrastructure previously highlighted in Trend Micro's reporting. The author says the relevant public IPs sit in ranges assigned to InvestStroyTrest, a company that operates a ferry service between North Korea and Russia and maintains an office in Rajin. The short source does not add malware analysis, but it provides infrastructure context for DPRK-linked front company activity and for Russian network ranges observed with DPRK-linked operations over several years.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 188.43.33.250 | 2025-04-23 | 2025-09-17 |
| DOMAIN | blocknovas.com | 2025-04-23 | 2025-04-25 |
| IPv4 | 188.43.33.251 | 2025-04-23 | 2025-04-25 |
Related Reports
2025-04-24 •
93% Match
Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware
Silentpush
Shares tag: ContagiousInterview • Shares 1 IOC • Published within a week