Unmasking SparkRAT: Detection & macOS Campaign Insights
ID: f805617d-9948-5f5a-8858-4bdb3ccf21be
STIX ID: report--f805617d-9948-5f5a-8858-4bdb3ccf21be
Feed Name: Hunt.io Blog
This report analyzes SparkRAT, a modular Golang RAT observed in active espionage campaigns (potentially DPRK-linked). It details the malware's WebSocket/HTTP C2 behaviour, default port and header fingerprints, sample artifacts (Mach-O binaries and an APK), and delivery mechanisms via open directories and lure sites, and it enumerates related IPs, domains, and file hashes as IOCs to aid detection and takedown.
