Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-06 15:37:51 UTC

Tool: Spark

Names: Spark
Category: Malware
Type: Reconnaissance, Backdoor, Keylogger, Info stealer, Downloader

Description:

(Cybereason) The Spark backdoor allows the attackers to:
• Collect information about the infected machine.
• Encrypt the collected data and send it to the attackers over the HTTP protocol.
• Download additional payloads.
• Log keystrokes.
• Record audio using the computer’s microphone.
• Execute commands on the infected machine.

The creators of the Spark backdoor use a few techniques that are intended to keep the backdoor under-the-radar, including:
• Packing the payloads with the Enigma packer.
• Checking for antivirus and other security products using WMI.
• Validating Arabic keyboard and language settings on the infected machine.

Information: MITRE ATT&CK, Malpedia

Last change to this tool card: 30 December 2022

All groups using tool Spark

APT groups

Changed | Name | Country | Observed
        | Molerats, Extreme Jackal, Gaza Cybergang | [Gaza] | 2012-Jul 2023

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=934e2c2c-e02e-4deb-afa4-064a1b10c29b