2023-05-31 Dark Pink. Episode 2

📃Title: Dark Pink. Episode 2
📅Date: 2023-05-31
🔗References:

• https://www.group-ib.com/blog/dark-pink-episode-2/

🔖Rectifyq Taxonomies:

• relevancy: 🔴 Highly Relevant
• category: ⚔Threat
• sub-category: intrusion-analysis
• target: targeted
• MY-relevancy: relevant

🔖MISP Galaxies:

• producer Group-IB
• target-information=“Belgium”
• target-information=“Bosnia and Herzegovina”
• target-information=“Brunei”
• target-information=“Cambodia”
• target-information=“Indonesia”
• target-information=“Malaysia”
• target-information=“Philippines”
• target-information=“Thailand”
• target-information=“Vietnam”
• sector=“Development”
• sector=“Education”
• sector=“Government, Administration”
• sector=“Military”
• sector=“NGO”
• mitre-attack-pattern=[‘T1010’, ‘T1560.001’, ‘T1123’, ‘T1548.002’, ‘T1555.003’, ‘T1574.002’, ‘T1005’, ‘T1039’, ‘T1140’, ‘T1036.007’, ‘T1567’, ‘T1567.002’, ‘T1070.004’, ‘T1083’, ‘T1074.001’, ‘T1127.001’, ‘T1204.002’, ‘T1036.004’, ‘T1112’, ‘T1135’, ‘T1571’, ‘T1059.001’, ‘T1091’, ‘T1053.005’, ‘T1518.001’, ‘T1566.002’, ‘T1082’, ‘T1537’, ‘T1059.005’, ‘T1071.001’, ‘T1102’, ‘T1059.003’, ‘T1222.001’, ‘T1546.003’, ‘T1547.004’]

MISP event uuid: 61853de2-8dd1-4192-b828-05018aec7e75

Indicator of Compromise (IoCs)

type,value,comment
url, https://webhook.site/288a834b-fd92-4531-82a5-b41e907daa56, ''
url, https://webhook.site/2b733e31-70bb-4777-be4a-41a98f3559bf, ''
url, http://raw.githubusercontent.com/peterlyly/zxcv/main/xxx.gif, ''
url, http://raw.githubusercontent.com/peterlyly/zxcv/main/ccc.gif, ''
url, http://raw.githubusercontent.com/peterlyly/zxcv/main/DDDD.gif, ''
url, http://raw.githubusercontent.com/peterlyly/zxcv/main/eeeee.gif, ''
url, https://raw.githubusercontent.com/peterlyly/zxcv/main/eeeee.gif, ''
url, https://raw.githubusercontent.com/peterlyly/zxcv/main/xxx.gif, ''
url, https://raw.githubusercontent.com/peterlyly/zxcv/main/eee.gif, ''
url, https://raw.githubusercontent.com/peterlyly/zxcv/main/ccc.gif, ''
url, https://raw.githubusercontent.com/peterlyly/zxcv/main/bbb.gif, ''
url, https://textbin.net/raw/1tmfbi0bep, ''
url, https://textbin.net/raw/d7hs6e68ox, ''
url, http://176.10.80.38:8843/upload, ''
url, http://176.10.80.38:8843/11.msi, ''
url, http://176.10.80.38:8843/1.zip, ''

Full IOCs available in Rectifyq's MISP```