← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
VTA - Hackers use Golang source code interpreter to evade detection
WHITE DragonSpark Superpro 2023-01-24 Modified: 2023-02-23
22
IOCs
MEDIUM VOLUME
A Chinese-speaking hacking group tracked as ‘DragonSpark’ was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. The threat actor, DragonSpark relies on an open-source tool called SparkRAT to steal sensitive data from compromised systems, execute commands, perform lateral network movement, and more.
golangmeterpretercobalt strikezegostdragonsparksparkratc2 servergolang sourceshellcodeloaderchina chopperbase64golang malwarechinataiwanpythonpowershellmalwareleviathan
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Zegost Cobalt Strike Meterpreter Golang
Indicators of Compromise (2 / 22 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 aca287384838edf8ebf23551483eaf0e MD5 of bdf792c8250191bd2f5c167c8dbea5f7a63fa3b4 2023-01-24
FileHash-MD5 e00cb21590e1d0cb89eeb16897be82e7 MD5 of 83130d95220bc2ede8645ea1ca4ce9afc4593196 2023-01-24
References (1)
↗ https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/