DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
WHITE AlienVault 2023-01-24 Modified: 2023-02-23
Recent attacks against East Asian organizations, which we track as ‘DragonSpark’, are characterized by the use of the little-known open-source SparkRAT and malware that attempts to evade detection through Golang source code interpretation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
SparkRAT
Indicators of Compromise (12)