SparkRAT: Server Detection, macOS Activity, and Malicious Connections
#SparkRAT
https://hunt.io/blog/sparkrat-server-detection-macos-activity-and-malicious-connections
"Unmasking SparkRAT: Detection & macOS Campaign Insights" published by Hunt.io. #SparkRAT, #macOS, #DPRK, #CTI https://hunt.io/blog/sparkrat-server-detection-macos-activity-and-malicious-connections
#TrendMicro researchers have observed instances of threat actors exploiting two disclosed vulnerabilities in #TeamCity to deploy different #malware types such as the Jasmin #ransomware, an XMRig cryptominer variant, and the #SparkRAT backdoor. #CyberAttack
https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=032024_TeamCity&s=09
Exploitation of CVE-2024-27198 (9.8, disclosed on 04 March 2024 by JetBrains, has Proof of Concept, in KEV Catalog 07 March 2024: auth bypass in TeamCity) has been observed by Trend Micro to drop Jasmin ransomware, XMRig cryptocurrency miner, SparkRAT backdoor, and Cobalt Strike beacons. MITRE ATT&CK TTPs and IOC provided. 🔗 https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html
#CVE_2024_27198 #KEV #CISA #JetBrains #TeamCity #vulnerability #eitw #activeexploitation #ransomware #threatintel #Jasmin #XMrig #cryptomining #SparkRAT #CobaltStrike #IOC #threatintel #proofofconcept
🇨🇳 New on #SentinelLabs: Cluster of attacks in East Asia, DragonSpark uses open-source tool #SparkRAT & malware evading detection through #Golang source code interpretation. By @milenkowski 👇