clean wagemole alias

[jashdalvi]

per https://www.zscaler.com/blogs/security-research/pyongyang-your-payroll-rise-north-korean-remote-workers-west, "contagious interview" is a campaign of wagemole and not an alias of it. This PR cleans the listed alias.

WageMole threat actors’ first step in applying for a job involves creating fake personas. WageMole threat actors obtain fake passports or other forms of identification, either through the Contagious Interview campaign or by purchasing them from real individuals. Occasionally, they hire foreign nationals residing in the U.S. In addition, WageMole threat actors create fake driver's licenses to verify their identity. In these cases, they appear to use stolen driver's licenses, altering only the photo on the ID while leaving the rest of the information unchanged.

[adulau]

Very good point. Thanks a lot for the contribution.

[pkalnai]

Hello, I'd like to ask why Contagious Interview was removed from the aliases for WageMole. There is an initial blog post by Palo Alto Networks from November 2023, where both codenames were introduced as two logically separated activity clusters (CI using the malware to steal from developers and WM to do proxy interviewing and job scams). Zscaler then claims that the first activity is just a subset of the latter. OK, that may be true, but all the malware like BeaverTail or InvisibleFerret is already linked to CI and now there is no such threat actor in the galaxy (e.g. this will be reflected in Malpedia https://malpedia.caad.fkie.fraunhofer.de/actor/wagemole) . Please reconsider removing the "Contagious Interview" from the WageMole, or create it as a new threat actor.