📃Title: Dark Pink - New APT hitting Asia-Pacific, Europe that goes deeper and darker
📅Date: 2023-01-11
🔗References:
- https://blog.group-ib.com/dark-pink-apt
- https://www.bharian.com.my/berita/nasional/2023/01/1050642/data-tentera-malaysia-disyaki-dicuri-penggodam-sama-tahun-lalu
Description
A new advanced persistent threat (APT) group is targeting government and military institutions across Asia and Europe in the next five years, according to cybersecurity researchers at Group-IB, who have uncovered seven attacks.
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: intrusion-analysis
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer="Group-IB"
- target-information="Vietnam"
- target-information="Bosnia and Herzegovina"
- target-information="Indonesia"
- target-information="Cambodia"
- target-information="Malaysia"
- target-information="Philippines"
- malpedia="DarkPink"
- sector="Government, Administration"
- sector="Military"
- sector="Non-profit organisation"
- mitre-enterprise-attack-tool="PowerSploit - S0194"
- mitre-tool="PowerSploit - S0194"
- online-service="b0c71d51-34fd-47b5-9eb4-dd406ffc607f"
- online-service="3b16bb5a-eb4f-4603-a909-bebc5df4a46d"
- mitre-attack-pattern=['T1547', 'T1566', 'T1123', 'T1574', 'T1113', 'T1555', 'T1082', 'T1059', 'T1127', 'T1027', 'T1140', 'T1546', 'T1102', 'T1555.003']
MISP event uuid: 87a3c7a8-d755-47c7-9084-a7d58341be99
Indicators of Compromise (IoCs)
type,value,comment
email-src,blackpink.301@outlook.com,'emails used during data exfiltration'
email-src,alibaba.113@outlook.com,'emails used during data exfiltration'
email-src,alibaba.113@outlook.com.vn,'emails used during data exfiltration'
md5,728afa40b20df6d2540648ef845eb754,'Ctealer Loader; no sample in VT; last check: 23/02/2025'
sha1,d8df672ecd9018f3f2d23e5c966535c30a54b71d,'Ctealer Loader; no sample in VT; last check: 23/02/2025'
sha256,c60f778641942b7b0c00f3214211b137b683e8296abb1905d2557bfb245bf775,'Ctealer Loader; no sample in VT; last check: 23/02/2025'
md5,7eaf1b65004421ac07c6bb1a997487b2,'Packed Ctealer; no sample in VT; last check: 23/02/2025'
sha1,18ca159183c98f52df45d3e9db0087e17596a866,'Packed Ctealer; no sample in VT; last check: 23/02/2025'
sha256,e3181ee97d3ffd31c22c2c303c6e75d0196912083d0c21536e5833ee7d108736,'Packed Ctealer; no sample in VT; last check: 23/02/2025'
md5,732091ad428419247bce87603ea79f00,'no sample in VT; last check: 23/02/2025'
sha1,142f909c26bd57969ef93d7942587cdf15910e34,'no sample in VT; last check: 23/02/2025'
sha256,e45df7418ca47a9a4c4803697f4b28c618469c6e5a5678213ab81df9fcc9fd51,'no sample in VT; last check: 23/02/2025'
email-src,blackred.113@outlook.com,'emails used during data exfiltration'
email-src,lanhuong.jsc@outlook.com,'emails used during data exfiltration'
email-src,nphuongmai.97@outlook.com,'emails used during data exfiltration'
Full IoCs available in Rectifyq's MISP