{
  "Event": {
    "analysis": "2",
    "date": "2023-03-10",
    "extends_uuid": "",
    "info": "[Threat Intel] Dark Pink APT Group Strikes Government Entities in South Asian Countries",
    "protected": false,
    "publish_timestamp": "1780040125",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780040125",
    "uuid": "25e986a7-aa5b-4cb7-bc0e-39250b30d17d",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"EclecticIQ\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"",
        "relationship_type": ""
      },
      {
        "colour": "#57997c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"HTML Smuggling - T1027.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"MSBuild - T1127.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1547.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740783991",
        "to_ids": false,
        "type": "link",
        "uuid": "631fb43a-c5cc-4094-aae3-a1331a6ead3f",
        "value": "https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040125",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "941eed6d-2a82-4004-bd50-39188c6b7236",
        "value": "206.123.151.133",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#15dbfe",
            "local": false,
            "name": "asn:asn=\"212238\"",
            "relationship_type": ""
          },
          {
            "colour": "#1f1556",
            "local": false,
            "name": "asn:as-owner=\"CDNEXT\"",
            "relationship_type": ""
          },
          {
            "colour": "#e1449b",
            "local": false,
            "name": "asn:as-country=\"GB\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7c1b9",
            "local": false,
            "name": "misp-galaxy:country=\"united kingdom\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740784148",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "d5027f26-5e02-42f7-b22f-2c6355713c9b",
        "value": "Dark Pink"
      },
      {
        "category": "Other",
        "comment": "Static (hard-coded) single-byte XOR key used by the sample to decrypt content at execution time",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833126",
        "to_ids": false,
        "type": "text",
        "uuid": "9d535496-a86b-4348-bf85-0a0a02388e1a",
        "value": "0xa7"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981571",
        "uuid": "92f29c7f-00e7-4069-828e-2da1a9a14132",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981571",
            "to_ids": true,
            "type": "md5",
            "uuid": "f9dc3d0a-551f-4cdb-b84b-ad10f63f746d",
            "value": "836184b7387b212f8b7f064d5e60f587",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746792326",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5563b599-b442-4fc9-a443-a4ca3ac1e036",
            "value": "fcefbe984fa0e343ec51cb22b6119014a6b1ee36",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746792326",
            "to_ids": true,
            "type": "sha256",
            "uuid": "62faa18d-362e-49f8-967f-c6f89de05086",
            "value": "205f6808ab05ff3932ee799f37c227a7a950e07ea97f51d206e0563c83592e60",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746792326",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b1b00031-47cd-43ea-ba44-da8e54cc28a5",
            "value": "24576:q2E7+oboyxNo900Ypq00SMAHtEuVQASQ:q2UUt900Yq00SMAN7QASQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746792326",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "da327a98-c600-4fda-a9ed-b10fbce9a24a",
            "value": "2570240"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746792326",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fd958f39-b8f3-4c3d-9346-0656edc73e48",
            "value": "ddc4a6592a0c7b27a3f32c44d0a0696b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746792326",
            "to_ids": true,
            "type": "filename",
            "uuid": "ad582792-2601-47fc-afc6-1c1de954465e",
            "value": "205f6808ab05ff3932ee799f37c227a7a950e07ea97f51d206e0563c83592e60.iso"
          },
          {
            "category": "Other",
        "comment": "Checked: 2025-05-09\nLast-scan: 2025-03-11",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746792326",
            "to_ids": false,
            "type": "text",
            "uuid": "eb054093-4730-478b-8150-4e37cbcf0f5c",
        "value": "Type Description: ISO image\nMicrosoft: None\nVT Total Detection: 32/61\nFirst Submission: 2023-02-01T04:52:34.000000+00:00\nLast Submission: 2023-03-23T03:28:55.000000+00:00"
          }
        ]
      }
    ]
  }
}