{ "Event": { "analysis": "2", "date": "2023-07-13", "extends_uuid": "", "info": "[Threat Intel] MA-951.062023: MyCERT Alert - WhatsappPink Malicious Fake Update Message", "protected": false, "publish_timestamp": "1780040153", "published": true, "threat_level_id": "3", "timestamp": "1772902029", "uuid": "1d2fa3f0-dd2f-4204-ad90-22bb05763e66", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740787654", "to_ids": false, "type": "link", "uuid": "d8e125d6-bd33-4fce-90a3-d7f04d9b440b", "value": "https://www.mycert.org.my/portal/advisory?id=MA-951.062023" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740787664", "to_ids": false, "type": "link", "uuid": "d9885995-e74a-456d-a4c3-98cb2cc38a2a", "value": "https://soyacincau.com/2023/06/27/what-is-pink-whatsapp-and-why-you-shouldnt-download-it-on-your-phone/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747025922", "to_ids": true, "type": "url", "uuid": "d3af8a93-a876-4ce7-8cca-0d604f2f0d31", "value": "http://lookpink.xyz/?whatsapp", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747025943", "to_ids": true, "type": "url", "uuid": "e1f27769-3d28-4d87-8a7c-bf84969ded2f", "value": "http://whatsapp.profileviewz.com/?whatsapp", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747025964", "to_ids": true, "type": "url", "uuid": "f19969a8-1c1b-4deb-932b-af9074eade46", "value": "http://whatsapp.wwwy.xyz/?pinklook", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747025985", "uuid": "5a665362-d641-4bc3-b34b-04f949ce21c4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747025985", "to_ids": true, "type": "md5", "uuid": "449976d5-c0a4-49a6-bc0d-54dd71753fcd", "value": "9a902d186c948e72af6b269862c27055", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025195", "to_ids": true, "type": "sha1", "uuid": "a0fc224f-3340-4c4d-ac39-6e76b83c124c", "value": "ebe1c8a61059c3f38ecd57506792600cca1d0dab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025195", "to_ids": true, "type": "sha256", "uuid": "facbcaff-b73c-4296-b89b-363ad542aa88", "value": "f1c738c47b3bf0bf7c68de89a39e036de035f8ac76401eb2450942f0f2c65ecf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025194", "to_ids": true, "type": "ssdeep", "uuid": "9a229f2c-47e3-4802-ad26-79d1d3ac5ea2", "value": "49152:KCbjqvbbisNmpiF2BjZRj1111b1WZBj88mQOogv77B:KgK30piF2B1111b1WZ9ZDO1V" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025195", "to_ids": false, "type": "size-in-bytes", "uuid": "05f8dd61-8453-46b8-9f7f-eb61aa0f4bc8", "value": "1800016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025195", "to_ids": true, "type": "vhash", "uuid": "a729482c-9b6d-473c-9fcb-aa584327e43f", "value": "82bf4dbe2050b01440fc0ceb11854b35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025195", "to_ids": true, "type": "filename", "uuid": "b3857a30-fa91-435d-89f7-4109e2bf4d91", "value": "WhatsappPink.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 02/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025195", "to_ids": false, "type": "text", "uuid": "c3537d45-700e-4b24-8c4a-d3305e6da64a", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:24/66\nFirst Submission:2021-04-16T03:14:49.000000+00:00\nLast Submission:2021-04-16T03:14:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747026006", "uuid": "d17aa6bf-134d-444b-ac85-a254a7ae83f0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747026006", "to_ids": true, "type": "md5", "uuid": "7edfbd8e-4ccb-4e3a-93d9-94a0c77cc7b2", "value": "e1870d613d54239e8fb5f09b6a4e880d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025216", "to_ids": true, "type": "sha1", "uuid": "adc97f44-8e8b-4ef7-9500-406ca5706c09", "value": "108e68b397d9b957cd88f2c2a9cef3ed4912db28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025216", "to_ids": true, "type": "sha256", "uuid": "cf01785d-9a09-4b0a-a627-04d7f296fd0a", "value": "c93f4044cc470414c1bbe6a9399a714e6326c499bd7a976e93c411e7b103f946", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025216", "to_ids": true, "type": "ssdeep", "uuid": "9ddfa9b5-df14-4753-973a-1fcba3a5691a", "value": "49152:xHWIsI1SbMzYBjZRj1111b1WZBj88mQnogvNb:JAI1SbMEB1111b1WZ9ZDnzb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025216", "to_ids": false, "type": "size-in-bytes", "uuid": "526176be-c6ee-4a0d-b006-2cef93dfa616", "value": "1799996" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025216", "to_ids": true, "type": "vhash", "uuid": "38ec388b-b24c-4bf3-a2c0-ec4716d64e28", "value": "82bf4dbe2050b01440fc0ceb11854b35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025216", "to_ids": true, "type": "filename", "uuid": "d8b6d6cc-651c-47b6-aa62-2bb6cc965409", "value": "whatsappPink-1.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 02/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025216", "to_ids": false, "type": "text", "uuid": "d65baa29-4169-4785-97bc-0f86edaeb4d1", "value": "Type Description: Android\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:27/65\nFirst Submission:2021-04-18T01:34:05.000000+00:00\nLast Submission:2021-04-18T02:37:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747026028", "uuid": "afa49ac7-7b54-4f11-9b85-924dc7c4814c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747026028", "to_ids": true, "type": "md5", "uuid": "2a53fe75-99c0-457e-bd10-e634bd781a23", "value": "90cfcde60b6cd57a2e9b2047cff51fb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025237", "to_ids": true, "type": "sha1", "uuid": "c8cca043-83f8-46ac-bdf4-90e061c983f4", "value": "7af58326e4fce439fc34bc6985130eb85edc48fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025238", "to_ids": true, "type": "sha256", "uuid": "59d69bbf-1db0-407a-90ca-54645cf8b13a", "value": "a0d5ccfff4ec9e01d2d8d8d7999757c98b50e2fef9c581c326bfdbdb4674f608", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025237", "to_ids": true, "type": "ssdeep", "uuid": "2a4f8625-cea4-4293-a9c3-8ec6ca09ed1c", "value": "49152:cmDgS3RebFEfriWCp7djZRj1111b1WZBj88mQ+ogvK/:9rRwWCp7V1111b1WZ9ZD+Q/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025237", "to_ids": false, "type": "size-in-bytes", "uuid": "db7e4e84-1402-44ae-85c5-1252d23cfc9d", "value": "1800012" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025237", "to_ids": true, "type": "vhash", "uuid": "89629e1c-5ca3-46fc-ad4e-0967058bbe10", "value": "82bf4dbe2050b01440fc0ceb11854b35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025237", "to_ids": true, "type": "filename", "uuid": "3d476a36-39fa-449f-8951-08462daca9a2", "value": "working on WhatsappPink.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 05/06/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025237", "to_ids": false, "type": "text", "uuid": "1bd72227-f78d-48b5-9adb-e359f041b274", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:16/64\nFirst Submission:2021-04-17T02:01:46.000000+00:00\nLast Submission:2023-05-25T14:46:33.000000+00:00" } ] } ] } }