Spark

Malware Profile, updated a month ago
"Spark" on this page is a profile name that aggregates several unrelated sources, so the entities it pulls together need to be kept apart.

Spark RAT (Remote Access Trojan) is the malware proper. It is delivered through malicious downloads, phishing emails or compromised websites, typically without the user's knowledge, and gives its operator remote command execution on the victim host, from which credentials and other data can be stolen and operations disrupted. One documented use is by ExCobalt, who ran Spark RAT in their attack chain to execute commands and stage further tooling, including Mimikatz, ProcDump, SMBExec, Metasploit and rsocx.

Apache Spark is an unrelated open-source distributed computing engine, and several items on this page belong to it rather than to the RAT. The Netflix Genie bug reported in the sources concerns an orchestration API that lets users submit jobs, including Spark SQL queries, to big data back ends such as Hadoop, Spark, Pig, Hive, Sqoop and Presto; it is a vulnerability in Genie that exposes those clusters to remote code execution, not a vulnerability exploited by or present in Spark RAT. The arXiv material on distributed-memory parallel computation frameworks (MapReduce, Hadoop, Spark, Dryad) and their growing use on large network datasets over the last two decades is likewise about the engine.

The remaining associations are name collisions rather than malware activity: Bitcoin Spark is a cryptocurrency inspired by Bitcoin; the 2022 SPARK Matrix for Digital Threat Intelligence Management is an analyst ranking in which CrowdStrike was named a Leader; and Walmart's Spark Driver crowdsourced delivery platform suffered an account-takeover incident in which over 200 driver accounts were accessed, exposing drivers' sensitive data including Social Security numbers, most likely through credential stuffing or phishing.
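Credential stuffing, the likely cause given for the Spark Driver account takeovers above, has a simple signature in authentication logs: one source tries many distinct usernames in a short window, almost all of them fail, and the few that succeed are the compromised accounts. The following is an added example of that detection logic, not code from the original page, from Walmart or from Cybergeist. The JSON log format, the field names (ts, src_ip, user, result), the thresholds and the sample lines are all constructed for illustration.

```python
"""Credential-stuffing detection over authentication logs.

Added example, not code from the original page or any vendor named on it.
Assumptions (constructed for illustration): one JSON record per line with
fields ts (UTC ISO-8601), src_ip, user and result ("success" or "fail").
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real Spark Driver data. 203.0.113.7 sprays six
# usernames in six seconds and lands one; 198.51.100.20 is a legitimate user
# who mistypes a password twice; 192.0.2.9 logs in normally.
SAMPLE_LOG = """\
{"ts": "2024-03-01T10:00:01Z", "src_ip": "203.0.113.7", "user": "driver001", "result": "fail"}
{"ts": "2024-03-01T10:00:02Z", "src_ip": "203.0.113.7", "user": "driver002", "result": "fail"}
{"ts": "2024-03-01T10:00:03Z", "src_ip": "203.0.113.7", "user": "driver003", "result": "fail"}
{"ts": "2024-03-01T10:00:04Z", "src_ip": "203.0.113.7", "user": "driver004", "result": "fail"}
{"ts": "2024-03-01T10:00:05Z", "src_ip": "203.0.113.7", "user": "driver005", "result": "success"}
{"ts": "2024-03-01T10:00:06Z", "src_ip": "203.0.113.7", "user": "driver006", "result": "fail"}
{"ts": "2024-03-01T10:05:00Z", "src_ip": "198.51.100.20", "user": "driver042", "result": "fail"}
{"ts": "2024-03-01T10:05:30Z", "src_ip": "198.51.100.20", "user": "driver042", "result": "fail"}
{"ts": "2024-03-01T10:06:00Z", "src_ip": "198.51.100.20", "user": "driver042", "result": "success"}
{"ts": "2024-03-01T14:00:00Z", "src_ip": "192.0.2.9", "user": "driver777", "result": "success"}
"""


def parse_log(text):
    """Parse JSON-lines auth events and return them sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def detect_stuffing(events, window=timedelta(minutes=10), min_users=5):
    """Flag source IPs that attempted >= min_users distinct usernames within `window`.

    Returns {src_ip: {"distinct_users": n, "failures": f, "compromised": [users]}}
    where "compromised" lists accounts that authenticated successfully inside the
    spraying burst, i.e. the accounts to lock and force through a reset.
    A single user failing repeatedly from one IP (a forgotten password) is not
    flagged, because the distinct-username count never reaches the threshold.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        # evs is time-ordered; slide a window so that evs[start:end+1] spans <= window
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e["user"] for e in span}
            if len(users) < min_users:
                continue
            result = {
                "distinct_users": len(users),
                "failures": sum(1 for e in span if e["result"] == "fail"),
                "compromised": sorted({e["user"] for e in span if e["result"] == "success"}),
            }
            # keep the widest burst seen for this IP
            prev = findings.get(ip)
            if prev is None or result["distinct_users"] > prev["distinct_users"]:
                findings[ip] = result
    return findings


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['distinct_users']} usernames, {info['failures']} failures, "
              f"accounts to reset: {info['compromised']}")
```

The distinct-username count per source is the discriminator: a brute force against one account or a user retrying a mistyped password stays at one username, while a stuffing run against a leaked credential list climbs quickly. In production the same logic should also be keyed on ASN or on a device fingerprint, since stuffing tools rotate source IPs across residential proxies to stay under per-IP thresholds.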
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID            Votes  Profile Description
Apache Spark  2      Apache Spark is a powerful open-source, distributed computing system used for big data processing and analytics. It offers an interface for programming entire clusters with implicit data parallelism and fault tolerance. Developed by Matei Zaharia at the University of California, Berkeley's AMPLab, A
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Phishing
Hadoop
Blackberry
Chrome
Github
Apache Spark
Ddos
Java
Proxy
dos
Denial of Se...
RCE (Remote ...
Flashpoint
exploited
Trojan
Windows
Malware
Canada
flaw
Jira
Microsoft
Iran
Government
Exploit
Crowdstrike
Cybercrime
Source
Rat
Android
Sec
India
Chromium
Atom
Bitcoin
Education
Skype
Taiwan
Bot
Credential S...
Apache
Docker
Backdoor
Associated Malware
ID      Type         Votes  Profile Description
Hive    Unspecified  1      Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef
Ramsay  Unspecified  1      Ramsay is a sophisticated malware that was discovered by researchers at ESET in 2020. This malicious software is designed to infiltrate and exploit air-gapped networks, which are typically isolated from other networks for security reasons. Once it has infected a system, Ramsay can collect and exfilt
Associated Threat Actors
ID        Type         Votes  Profile Description
Molerats  Unspecified  1      Molerats, also known as Gaza Cybergang Group1, is a threat actor linked to Hamas that has been active for over a decade. This low-budget group has been tracked by researchers under various names including Molerats, Gaza Cybergang, Frankenstein, WIRTE, and Proofpoint's TA402 designation. Among 16 Adv
ExCobalt  Unspecified  1      ExCobalt, an active cybercrime group since at least 2016, is a significant threat actor known for targeting Russian organizations across multiple sectors. Researchers believe that ExCobalt is linked to the notorious Cobalt Gang, a connection supported by their shared use of the CobInt tool, which be
Neon      Unspecified  1      Neon is a threat actor that has significantly impacted the global chip supply chain. In April, we highlighted the disruption caused by Neon in the context of the ongoing global chip supply chain crisis, notably the halving of chip output since Russia's attack on Ukraine and the growing threat of fak
Associated Vulnerabilities
ID              Type         Votes  Profile Description
CVE-2022-33891  Unspecified  2      None
CVE-2022-38398  Unspecified  1      None
CVE-2021-37533  Unspecified  1      None
CVE-2023-24998  Unspecified  1      CVE-2023-24998 is a software vulnerability that exists due to an incomplete fix for the prior issue, #VU72427. The flaw in the software design or implementation was not fully addressed, leading to this subsequent vulnerability. As a result, certain components of the system remain susceptible to pote
CVE-2022-42890  Unspecified  1      None
CVE-2022-25857  Unspecified  1      None
CVE-2022-40156  Unspecified  1      None
CVE-2022-31777  Unspecified  1      None
CVE-2022-37866  Unspecified  1      None
CVE-2022-37865  Unspecified  1      None
CVE-2022-40152  Unspecified  1      None
CVE-2022-41852  Unspecified  1      None
CVE-2022-40146  Unspecified  1      None
CVE-2022-41966  Unspecified  1      None
CVE-2023-20860  Unspecified  1      None
CVE-2022-41704  Unspecified  1      None
CVE-2022-38751  Unspecified  1      None
CVE-2022-40151  Unspecified  1      None
CVE-2022-38749  Unspecified  1      None
CVE-2022-38750  Unspecified  1      None
CVE-2022-33681  Unspecified  1      None
CVE-2022-41854  Unspecified  1      None
CVE-2023-20863  Unspecified  1      None
CVE-2022-28810  Unspecified  1      None
CVE-2022-35914  Unspecified  1      None
CVE-2021-42013  Unspecified  1      None
CVE-2023-1370   Unspecified  1      None
CVE-2022-4492   Unspecified  1      None
CVE-2022-40150  Unspecified  1      None
CVE-2023-22602  Unspecified  1      None
CVE-2022-38648  Unspecified  1      None
CVE-2022-38752  Unspecified  1      None
CVE-2022-42003  Unspecified  1      None
CVE-2022-42004  Unspecified  1      None
CVE-2023-20861  Unspecified  1      None
CVE-2023-1436   Unspecified  1      None
CVE-2022-41853  Unspecified  1      None
CVE-2022-39368  Unspecified  1      None
CVE-2022-41881  Unspecified  1      None
Source Document References
Information about the Spark malware profile was read from the documents below (display limited to 20 results).
Source            Created       Title
Securityaffairs   a month ago   ExCobalt Cybercrime group targets Russian organizations in multiple sectors
DARKReading       2 months ago  Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
CERT-EU           a year ago    Search | arXiv e-print repository
CERT-EU           4 months ago  DBOS Cloud overturns database-on-OS conventions for speed
CERT-EU           4 months ago  One NZ appoints Nick Quin as new Head of Public Sector
CERT-EU           5 months ago  Join Us 03-22-24 for "Hacking Effective Third-Party Risk Management" – Super Cyber Friday | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
Checkpoint        5 months ago  4th March – Threat Intelligence Report - Check Point Research
CERT-EU           5 months ago  Walmart says hackers took over some Spark drivers' accounts and had access to their Social Security numbers
CERT-EU           5 months ago  From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin | MSRC Blog | Microsoft Security Response Center
Securityaffairs   6 months ago  Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
Securityaffairs   6 months ago  Watch out, a new critical flaw affects Fortra GoAnywhere MFT
BankInfoSecurity  6 months ago  XDR and the Benefits of Managed Services
CERT-EU           6 months ago  Kaspersky's iShutdown Tool Detects Pegasus Spyware and Other Malware on iOS Devices
CERT-EU           6 months ago  Combating cybercrime in NZ with a robust cybersecurity strategy
CERT-EU           6 months ago  Tech firm Baidu denies report that its Ernie AI chatbot is linked to Chinese military research
CERT-EU           6 months ago  Framework says hackers accessed customer data after phishing attack on accounting partner | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU           6 months ago  Global risks 2024: What are the key geopolitical risks this year?
CERT-EU           6 months ago  12 best cybersecurity podcasts as recommended by the professionals | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU           7 months ago  Beyond Borders: The Urgent Case For Global Cooperation In Cyber Defence – Analysis
CERT-EU           a year ago    Leftover Links 29/08/2023: Fukushima Uproar in China