Digital Deception: The LESLIELOADER Campaign's Mastery of Malware Misdirection

Tags: SPARKRAT Loader Update, Cyber Campaign SPARKRAT, Ongoing Cyber Threats, New Malware Loader

Cybersecurity researchers found that the SPARKRAT malware was deployed using a previously undocumented Golang installer, which allowed it to execute undetected on target systems. Although the SPARKRAT project has been discontinued, the malware is still being modified for use in targeted attacks, most notably in the "DRAGONSPARK" campaign against East Asian organizations.

Indicators of Compromise

No domains found for this campaign

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

Process Injection Detection and Prevention: The use of legitimate applications such as notepad.exe as an injection target is highlighted as a common evasion tactic. Improving the tools and telemetry that detect process injection is a crucial mitigation.

Encryption and Decryption Monitoring: LESLIELOADER's ability to decode and decrypt a secondary payload necessitates the close monitoring of encryption and decryption activities. Security tools should be configured to detect abnormal encryption or decryption activities.

Enhanced Static and Runtime Analysis: SPARKRAT's interpretation of its Golang source code at runtime necessitates the improvement of both static and runtime analyses. Malware analysis tools need to be updated to recognize such sophisticated behaviors.

Update and Patch Systems: Keeping software and systems updated and patched helps prevent the exploitation of known vulnerabilities. Continuous updating of systems is crucial to protect against undocumented loaders like LESLIELOADER.

Implement Application Whitelisting: Application whitelisting can prevent malware from infiltrating the system by allowing only approved applications to run.

Network Segmentation and Monitoring: Network segmentation and monitoring allow potential threats to be isolated and responded to quickly. Because LESLIELOADER itself makes no network connections, endpoint detection cannot rely on loader traffic, which underscores the need for continuous monitoring of network traffic for the later stages.

Educate Users: Educating users on malware threats and social engineering tactics helps them recognize and be cautious about potential threats.

These mitigation and remediation recommendations are critical for forming an effective defense strategy against threats like LESLIELOADER and SPARKRAT.
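The first recommendation above (detect injection into legitimate binaries such as notepad.exe) can be turned into concrete detection logic over endpoint telemetry. The following is an added example written for this page, not code from the campaign report or from any vendor. It runs three hypothetical rules over constructed Sysmon-style events (EventID 1 ProcessCreate, 8 CreateRemoteThread, 10 ProcessAccess): notepad.exe started by an unexpected parent, a remote thread created in notepad.exe, and a handle to notepad.exe opened with the access rights needed to write and execute code. The event values, the allow-list of expected launchers and the rule names are all assumptions for illustration; the access-right constants are the documented Windows values.

```python
import ntpath
from typing import Dict, Iterable, List, Optional

# Constructed Sysmon-style events for illustration only; not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # Normal: notepad.exe opened from Explorer.
    {"EventID": "1", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Suspicious: notepad.exe spawned by an executable in a temp directory.
    {"EventID": "1", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    # Suspicious: remote thread created inside notepad.exe.
    {"EventID": "8", "SourceImage": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    # Suspicious: notepad.exe opened with write + execute rights.
    {"EventID": "10", "SourceImage": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1F3FFF"},
    # Benign: query-only access to notepad.exe.
    {"EventID": "10", "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1000"},
    # Not in scope: remote thread into a process this rule set does not watch.
    {"EventID": "8", "SourceImage": r"C:\Program Files\Tool\tool.exe",
     "TargetImage": r"C:\Program Files\Browser\browser.exe"},
]

# Legitimate binaries the page names as injection targets (extend as needed).
INJECTION_TARGETS = {"notepad.exe"}
# Hypothetical tuning allow-list of parents that normally launch notepad.exe.
EXPECTED_LAUNCHERS = {"explorer.exe", "cmd.exe", "powershell.exe"}

# Windows process access rights (documented values) that together allow
# writing code into another process and starting a thread to run it.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, usable on any host OS."""
    return ntpath.basename(path).lower()


def grants_injection_rights(granted_access: str) -> bool:
    """True if the Sysmon GrantedAccess mask contains all three injection rights."""
    return int(granted_access, 16) & INJECTION_RIGHTS == INJECTION_RIGHTS


def evaluate(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return an alert dict for a single event, or None if nothing matched."""
    event_id = event.get("EventID")
    if event_id == "1" and basename(event["Image"]) in INJECTION_TARGETS:
        parent = basename(event["ParentImage"])
        if parent not in EXPECTED_LAUNCHERS:
            return {"rule": "unexpected_parent", "target": event["Image"],
                    "source": event["ParentImage"]}
    elif event_id == "8" and basename(event["TargetImage"]) in INJECTION_TARGETS:
        return {"rule": "remote_thread", "target": event["TargetImage"],
                "source": event["SourceImage"]}
    elif event_id == "10" and basename(event["TargetImage"]) in INJECTION_TARGETS:
        if grants_injection_rights(event["GrantedAccess"]):
            return {"rule": "injection_access_rights", "target": event["TargetImage"],
                    "source": event["SourceImage"]}
    return None


def scan(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run every rule over a stream of events and collect the alerts."""
    return [alert for alert in (evaluate(e) for e in events) if alert is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert['rule']}] {alert['source']} -> {alert['target']}")
```

Correlating the three rules on the same source image (here the constructed update.exe in a temp directory) is what separates a real injection chain from a single noisy event; in practice the launcher allow-list and the watched target set are the tuning knobs.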
Observed Countries (250)

AD (132)
AE (259)
AF (946)
AG (128)
AI (35)
AL (571)
AM (140)
AO (41)
AQ (621)
AR (871)
AS (880)
AT (184)
AU (204)
AW (612)
AX (475)
AZ (36)
BA (516)
BB (538)
BD (463)
BE (264)
BF (877)
BG (106)
BH (499)
BI (482)
BJ (812)
BL (75)
BM (617)
BN (608)
BO (536)
BQ (813)
BR (842)
BS (894)
BT (200)
BV (541)
BW (645)
BY (2)
BZ (703)
CA (978)
CC (993)
CD (624)
CF (850)
CG (52)
CH (173)
CI (109)
CK (764)
CL (806)
CM (176)
CN (535)
CO (887)
CR (682)
CU (666)
CV (34)
CW (846)
CX (277)
CY (381)
CZ (224)
DE (92)
DJ (320)
DK (365)
DM (739)
DO (926)
DZ (796)
EC (583)
EE (522)
EG (710)
EH (232)
ER (58)
ES (45)
ET (886)
FI (523)
FJ (948)
FK (578)
FM (733)
FO (588)
FR (386)
GA (764)
GB (575)
GD (100)
GE (88)
GF (813)
GG (281)
GH (110)
GI (590)
GL (815)
GM (193)
GN (14)
GP (831)
GQ (894)
GR (170)
GS (522)
GT (433)
GU (549)
GW (737)
GY (328)
HK (492)
HM (841)
HN (580)
HR (374)
HT (37)
HU (698)
ID (302)
IE (271)
IL (244)
IM (439)
IN (161)
IO (110)
IQ (724)
IR (821)
IS (961)
IT (701)
JE (850)
JM (33)
JO (289)
JP (78)
KE (562)
KG (181)
KH (592)
KI (103)
KM (565)
KN (561)
KP (86)
KR (389)
KW (510)
KY (545)
KZ (583)
LA (955)
LB (58)
LC (464)
LI (46)
LK (253)
LR (514)
LS (919)
LT (408)
LU (914)
LV (254)
LY (661)
MA (40)
MC (826)
MD (90)
ME (5)
MF (794)
MG (595)
MH (973)
MK (707)
ML (938)
MM (256)
MN (707)
MO (511)
MP (925)
MQ (329)
MR (323)
MS (729)
MT (251)
MU (213)
MV (202)
MW (669)
MX (34)
MY (139)
MZ (176)
NA (776)
NC (887)
NE (81)
NF (408)
NG (111)
NI (142)
NL (519)
NO (905)
NP (549)
NR (753)
NU (251)
NZ (713)
OM (670)
PA (303)
PE (809)
PF (589)
PG (63)
PH (995)
PK (730)
PL (423)
PM (352)
PN (619)
PR (769)
PS (831)
PT (89)
PW (874)
PY (690)
QA (691)
RE (642)
RO (440)
RS (217)
RU (382)
RW (328)
SA (196)
SB (961)
SC (71)
SD (44)
SE (995)
SG (966)
SH (696)
SI (241)
SJ (15)
SK (435)
SL (594)
SM (869)
SN (985)
SO (802)
SR (712)
SS (939)
ST (698)
SV (248)
SX (954)
SY (533)
SZ (647)
TC (696)
TD (385)
TF (545)
TG (972)
TH (625)
TJ (280)
TK (741)
TL (298)
TM (523)
TN (543)
TO (926)
TR (436)
TT (713)
TV (626)
TW (340)
TZ (806)
UA (190)
UG (427)
UM (449)
US (653)
UY (135)
UZ (190)
VA (625)
VC (438)
VE (494)
VG (402)
VI (925)
VN (893)
VU (236)
WF (36)
WS (789)
XK (806)
YE (984)
YT (212)
ZA (922)
ZM (637)
ZW (865)