[threat-actors] Add DragonSpark

This commit is contained in:
Mathieu4141 2023-11-16 07:10:18 -08:00
parent dc9d98ffe9
commit d365624734

View file

@ -13080,6 +13080,17 @@
}, },
"uuid": "df697450-57e0-496b-982c-a167ed41f023", "uuid": "df697450-57e0-496b-982c-a167ed41f023",
"value": "UNC4191" "value": "UNC4191"
},
{
"description": "DragonSpark is a threat actor that has been conducting attacks primarily targeting organizations in East Asia. They utilize the open-source tool SparkRAT, which is a multi-platform and frequently updated remote access Trojan. The threat actor is believed to be Chinese-speaking based on their use of Chinese language support and compromised infrastructure located in China and Taiwan. They employ various techniques to evade detection, including Golang source code interpretation and the use of the China Chopper webshell.",
"meta": {
"country": "CN",
"refs": [
"https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/"
]
},
"uuid": "a219a78b-7b91-41b1-bf14-91e31e0bb9da",
"value": "DragonSpark"
} }
], ],
"version": 294 "version": 294