← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms | SentinelOne
WHITE Lazarus Tr1sa111 2025-09-09 Modified: 2025-10-09
49
IOCs
MEDIUM VOLUME
A joint investigation by SentinelLABS, Validin, and other partner organizations has identified North Korean threat actors involved in the Contagious Interview campaign, which exposed the infrastructure of a suspected APT umbrella cluster.
validinmarchsentinellabsvirustotalip addresscontagiousdropclickfixmaltraillazarusvalidin useapriljunedateteamrobinhoodscarcruftcontagious interviewtalentcheck
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
TalentCheck Contagious Interview ClickFix
Indicators of Compromise (49)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 b817f6b5f0f1cabe6194bea457bdc372 MD5 of 24042a8eea9b9c20af1f7bae00296b44968a068f 2025-09-09
FileHash-MD5 c676c779990a6265786ca61ce121dbe7 MD5 of 44ddabf5b5d601077936a130a2863a96d2af1c8e 2025-09-09
FileHash-MD5 ec52395aef59706866cf2501908a82cb MD5 of 4a8bfa28d46ae14e45a50e105e2d34f850ffa96c 2025-09-09
FileHash-SHA1 24042a8eea9b9c20af1f7bae00296b44968a068f 2025-09-09
FileHash-SHA1 44ddabf5b5d601077936a130a2863a96d2af1c8e 2025-09-09
FileHash-SHA1 4a8bfa28d46ae14e45a50e105e2d34f850ffa96c 2025-09-09
FileHash-SHA256 2067d016d21aeda575208e9d262101840c27cd41a889e9b64313f9a4af51c9bc SHA256 of 44ddabf5b5d601077936a130a2863a96d2af1c8e 2025-09-09
FileHash-SHA256 db640a3823667682c6b2ea580ee158de96e198224b37db2bf9faacb3c39cf06f SHA256 of 24042a8eea9b9c20af1f7bae00296b44968a068f 2025-09-09
FileHash-SHA256 f08d3e3f335a9bb379cb35c1972c3a90257c7238cb8f71156a851093171ad8f9 SHA256 of 4a8bfa28d46ae14e45a50e105e2d34f850ffa96c 2025-09-09
URL http://api.release-drivers.online/ 2025-09-09
URL http://robinhood.evalvidz.com/invite/fZ6j8A2k 2025-09-09
domain careerquestion.com 2025-09-09
domain easyjobinterview.org 2025-09-09
domain evalassesso.com 2025-09-09
domain evaluateiq.com 2025-09-09
domain glitchmedic.com 2025-09-09
domain hireassessment.com 2025-09-09
domain hirelytics360.com 2025-09-09
domain hiringassessment.com 2025-09-09
domain hiringassessment.net 2025-09-09
domain motionassess.com 2025-09-09
domain nvidia-release.us 2025-09-09
domain paxos-video-interview.com 2025-09-09
domain paxosassessments.com 2025-09-09
domain quickproassess.com 2025-09-09
domain quiz-nest.com 2025-09-09
domain screenquestion.org 2025-09-09
domain skill-share.org 2025-09-09
domain skillcheck.pro 2025-09-09
domain skillmasteryhub.us 2025-09-09
domain skillquestions.com 2025-09-09
domain speakure.com 2025-09-09
domain talentcheck.pro 2025-09-09
domain versusx.us 2025-09-09
domain vidassesspro.com 2025-09-09
domain webcamfixer.online 2025-09-09
domain willotalent.us 2025-09-09
email admin@quickproassess.com 2025-09-09
email chris@wegrowup.us 2025-09-09
email info@versusx.us 2025-09-09
email invite@quiz-nest.com 2025-09-09
email legendaryaladdin@motionassess.com 2025-09-09
email rv882866.hstgr.cloud@glitchmedic.com 2025-09-09
email sinbad@hirelytics360.com 2025-09-09
hostname api.camdriverhelp.club 2025-09-09
hostname api.drive-release.cloud 2025-09-09
hostname api.release-drivers.online 2025-09-09
hostname robinhood.evalvidz.com 2025-09-09
hostname rv882866.hstgr.cloud 2025-09-09
References (1)
↗ https://www.sentinelone.com/labs/contagious-interview-threat-actors-scout-cyber-intel-platforms-reveal-plans-and-ops/