From d365624734c8ce6655907b1f9064554c74ae36c2 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 16 Nov 2023 07:10:18 -0800
Subject: [PATCH] [threat-actors] Add DragonSpark

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4fe0513..300d507 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13080,6 +13080,17 @@
 },
 "uuid": "df697450-57e0-496b-982c-a167ed41f023",
 "value": "UNC4191"
+ },
+ {
+ "description": "DragonSpark is a threat actor that has been conducting attacks primarily targeting organizations in East Asia. They utilize the open-source tool SparkRAT, which is a multi-platform and frequently updated remote access Trojan. The threat actor is believed to be Chinese-speaking based on their use of Chinese language support and compromised infrastructure located in China and Taiwan. They employ various techniques to evade detection, including Golang source code interpretation and the use of the China Chopper webshell.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/"
+ ]
+ },
+ "uuid": "a219a78b-7b91-41b1-bf14-91e31e0bb9da",
+ "value": "DragonSpark"
 }
 ],
 "version": 294
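Review bot: The galaxy's `version` is left at 294 in the trailing context line while the diffstat shows 11 insertions and no deletions, so MISP instances that already hold version 294 of this cluster will not pick up the new DragonSpark entry on the next galaxy update; bump it in the same commit, e.g. `"version": 295`. The new `meta.country` is set to `CN` as a plain fact, yet the description itself only says the actor is "believed to be Chinese-speaking" based on language support and compromised infrastructure in China and Taiwan; if the other entries in this file carry an `attribution-confidence` value in `meta` (the MISP threat-actor galaxy convention), add one here, e.g. `"attribution-confidence": "50"`, so downstream consumers do not treat a hedged assessment as a hard attribution. The single `refs` entry is one vendor report, which is fine for a first entry, but it is worth stating in the description which claims (East Asia targeting, SparkRAT use, Yaegi-style Go source interpretation) come from that report rather than being independently confirmed. The enclosing `values` array begins outside the hunk.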