ioc[.]one - OSINT Cyber Threat Intelligence Database

Phylum Discovers Go-Based RAT “Spark” Being Distributed on PyPI

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	57074df8-2406-4cd6-9a04-6d8e8ef374af
Fingerprint	82610aa5eb77379b
Analysis status	DONE
Considered CTI value	0
Text language
Published	Feb. 28, 2023, midnight
Added to db	March 4, 2023, 6:52 p.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Phylum Discovers Go-Based RAT “Spark” Being Distributed on PyPI
Title	Phylum Discovers Go-Based RAT “Spark” Being Distributed on PyPI
Detected Hints/Tags/Attributes	45/2/33

Source URLs

	Redirection	Url
Details	Source	https://blog.phylum.io/phylum-discovers-go-based-rat-spark-being-distributed-on-pypi

URL Provider

Details	Provider	Source level domain
Details	phylum.io	blog.phylum.io

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	506	✔	—	https://blog.phylum.io/rss.xml	2024-08-31 10:08

Attributes

Details	Type	#Events	Value
Details	Domain	3	colored.py
Details	Domain	1	colors.py
Details	Domain	5	file.py
Details	Domain	25	dl.dropbox.com
Details	Domain	2	mozila.sh
Details	Domain	1	path.sh
Details	Domain	54	subprocess.call
Details	Domain	4128	github.com
Details	Domain	32	golang.org
Details	Domain	1	dc-symantec.at.ply.gg
Details	Domain	2	playit.gg
Details	File	3	colored.py
Details	File	1	colors.py
Details	File	13	platform.sys
Details	File	5	file.py
Details	File	42	request.url
Details	File	10	at.pl
Details	Github username	1	creack
Details	Github username	2	denisbrodbeck
Details	Github username	1	gen2brain
Details	Github username	4	gorilla
Details	Github username	1	imroc
Details	Github username	1	jezek
Details	Github username	1	json-iterator
Details	Github username	1	kataras
Details	Github username	5	kbinani
Details	Github username	1	modern-go
Details	Github username	6	shirou
Details	Github username	1	tklauser
Details	IPv4	2	209.25.140.229
Details	Url	1	https://dl.dropbox.com/s/gh2ge8p1nchnulx/mozila.sh
Details	Url	1	https://dl.dropbox.com/s/uegd0iz8okshs65/abcd
Details	Url	1	https://playit.gg