DragonSpark

Also known as: DragonSpark

DragonSpark is a threat actor that has been conducting attacks primarily targeting organizations in East Asia. They utilize the open-source tool SparkRAT, which is a multi-platform and frequently updated remote access Trojan. The threat actor is believed to be Chinese-speaking based on their use of Chinese language support and compromised infrastructure located in China and Taiwan. They employ various techniques to evade detection, including Golang source code interpretation and the use of the China Chopper webshell.

🌍 Country China

Introduction

DragonSpark is a threat actor that has been conducting attacks primarily targeting organizations in East Asia. They utilize the open-source tool SparkRAT, which is a multi-platform and frequently updated remote access Trojan. The threat actor is believed to be Chinese-speaking based on their use of Chinese language support and compromised infrastructure located in China and Taiwan. They employ various techniques to evade detection, including Golang source code interpretation and the use of the China Chopper webshell.

Activities and Tactics

Country of Origin: 🇨🇳 China

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Trojan.Karagany
  • China Chopper
  • RemoteCMD
  • Trojan.Mebromi
  • Remote Utilities
  • RemotePC

Attribution and Evidence

Country of Origin: China Additional attribution information pending cataloguing.

References

References pending cataloguing.