MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add DragonSpark

pull/896/head
Mathieu4141 2023-11-16 07:10:18 -08:00
parent dc9d98ffe9
commit d365624734
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/threat-actor.json
View File

@ -13080,6 +13080,17 @@
},
"uuid": "df697450-57e0-496b-982c-a167ed41f023",
"value": "UNC4191"
},
{
"description": "DragonSpark is a threat actor that has been conducting attacks primarily targeting organizations in East Asia. They utilize the open-source tool SparkRAT, which is a multi-platform and frequently updated remote access Trojan. The threat actor is believed to be Chinese-speaking based on their use of Chinese language support and compromised infrastructure located in China and Taiwan. They employ various techniques to evade detection, including Golang source code interpretation and the use of the China Chopper webshell.",
"meta": {
"country": "CN",
"refs": [
"https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/"
]
},
"uuid": "a219a78b-7b91-41b1-bf14-91e31e0bb9da",
"value": "DragonSpark"
}
],
"version": 294