VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
#CVE_2026_1731 #Vshell #SparkRAT
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/

CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials.

Unit 42
SparkRAT: Server Detection, macOS Activity, and Malicious Connections
#SparkRAT
https://hunt.io/blog/sparkrat-server-detection-macos-activity-and-malicious-connections
Unmasking SparkRAT: Detection & macOS Campaign Insights

Explore SparkRAT detection tactics, macOS targeting, and insights into recent DPRK-linked campaigns with actionable research findings.

"Unmasking SparkRAT: Detection & macOS Campaign Insights" published by Hunt.io. #SparkRAT, #macOS, #DPRK, #CTI https://hunt.io/blog/sparkrat-server-detection-macos-activity-and-malicious-connections

#TrendMicro researchers have observed instances of threat actors exploiting two disclosed vulnerabilities in #TeamCity to deploy different #malware types such as the Jasmin #ransomware, an XMRig cryptominer variant, and the #SparkRAT backdoor. #CyberAttack
https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=032024_TeamCity&s=09
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.

Trend Micro

Exploitation of CVE-2024-27198 (9.8, disclosed on 04 March 2024 by JetBrains, has Proof of Concept, in KEV Catalog 07 March 2024: auth bypass in TeamCity) has been observed by Trend Micro to drop Jasmin ransomware, XMRig cryptocurrency miner, SparkRAT backdoor, and Cobalt Strike beacons. MITRE ATT&CK TTPs and IOC provided. 🔗 https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html

#CVE_2024_27198 #KEV #CISA #JetBrains #TeamCity #vulnerability #eitw #activeexploitation #ransomware #threatintel #Jasmin #XMrig #cryptomining #SparkRAT #CobaltStrike #IOC #threatintel #proofofconcept

🇨🇳 New on #SentinelLabs: Cluster of attacks in East Asia, DragonSpark uses open-source tool #SparkRAT & malware evading detection through #Golang source code interpretation. By @milenkowski 👇

https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/

DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation

A cluster of attacks uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.

SentinelOne
#sparkrat #rat #gorat
43f414dc23490e5b319f19ef7e80df64
9e0d7778947acf40c9ebe017cb0e1c4d