{
  "Event": {
    "analysis": "2",
    "date": "2023-01-06",
    "extends_uuid": "",
    "info": "[Threat Intel] New forces in Southeast Asia: Analysis of the new APT organization Saaiwc Group's attack activities against Southeast Asian military, finance and other departments",
    "protected": false,
    "publish_timestamp": "1780040126",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772902023",
    "uuid": "95c53aa7-b231-4c24-a7de-a7a40a435f1b",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#d53577",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cambodia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Finance\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Military\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740784365",
        "to_ids": false,
        "type": "link",
        "uuid": "6a0cbc7f-b99b-4783-be37-1024fb67e0fb",
        "value": "https://mp.weixin.qq.com/s/G3gUjg9WC96NW4cRPww6gw"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740784427",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "72203508-210c-4458-b9df-715aa55b1c7b",
        "value": "Saaiwc Group"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740784435",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "66cc543f-eff3-4008-9326-f1656cfd5499",
        "value": "Dark Pink"
      },
      {
        "category": "Other",
        "comment": "Telegram bot api key\r\nchat id:5028607068",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833067",
        "to_ids": false,
        "type": "text",
        "uuid": "541f66e4-6872-4490-94dc-d45995b58488",
        "value": "bot5621584862:AAGG6WcTvFu7ADpnMT42PqwOoKfTqMDQKkQ"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746834538",
        "uuid": "8804603d-b83b-4411-81da-9b24e322eb9b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "2022-10-19 Uploaded against the Philippine Army Command",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746834538",
            "to_ids": true,
            "type": "md5",
            "uuid": "3f9eefaa-83d2-46e5-b49a-6762f7768bf6",
            "value": "edcd5ff1c2af9451405d430052c60660",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "2022-10-19 Uploaded against the Philippine Army Command",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746792350",
            "to_ids": true,
            "type": "sha1",
            "uuid": "397d541f-6e8d-488b-8b2c-605bca33fbe5",
            "value": "a55ac633303713c61b0dd475bba409e00640d739",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "2022-10-19 Uploaded against the Philippine Army Command",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746792350",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3266f418-6fb3-4d6b-b01a-a12e1cc1c793",
            "value": "c0036195bb7a23e6800420c46fad86725bf7a1a4da24c688dde304f8e42674d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746792349",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "30e50887-bba7-4289-9e02-e050bf811052",
            "value": "6144:uImoAFu+OykdGpxysrz5Tjuf9/ddlZi3F23FukA1kAb0rEbrESZU8wFjNHN:FGONdGpxyoljc/d9EM3E790rEbrEz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746792349",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d5c5bfea-828d-431a-a8fb-d9a9d08676ed",
            "value": "2256896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746792349",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ab07b2dd-0c0c-4a03-a76d-28e25a88a54e",
            "value": "ddc4a6592a0c7b27a3f32c44d0a0696b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746792349",
            "to_ids": true,
            "type": "filename",
            "uuid": "ae9e5d6a-0d55-4376-a40e-61638e20be48",
            "value": "Updates on AJEX DAGITPA 2022 on 200900 Oct 22.pdf.iso"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  21/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746792349",
            "to_ids": false,
            "type": "text",
            "uuid": "ce20c371-d4f6-4a14-8f36-1cf9a24e5123",
            "value": "2022-10-19 Uploaded against the Philippine Army Command\r\nType Description: ISO image\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:32/61\nFirst Submission:2022-10-19T03:26:30.000000+00:00\nLast Submission:2023-08-21T04:31:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746834559",
        "uuid": "894d6f8d-e073-4185-bced-b5277d86cbaa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "2022-10-19 Uploaded against the Philippine Army Command",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746834559",
            "to_ids": true,
            "type": "md5",
            "uuid": "b5fdf434-562a-4cd0-b693-a9aeb2e56709",
            "value": "a6e085c099d681a71b937631a5e88c06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "2022-10-19 Uploaded against the Philippine Army Command",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746792371",
            "to_ids": true,
            "type": "sha1",
            "uuid": "73c67703-aed2-4b4b-a547-4fc669cacb17",
            "value": "5719a2bc984ab208e808f52af0446998a7d3cb64",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "2022-10-19 Uploaded against the Philippine Army Command",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746792371",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a71dbeac-6126-4ab5-b42b-c9024a2bea0f",
            "value": "5c7388afabf7622844545f95aa6d4388233b375fd63ed575542b151d494aceed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746792371",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5f1784e9-6095-4504-95f1-c0d608434a5a",
            "value": "6144:CMDjGhD5pRZAvSaRj3UlB+9/ddlZa3F23FukA1kAb0rEbrESZU8wFjNHNlI:fjGJ5pRKvb/d9cM3E790rEbrEz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746792371",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bb16b599-0a40-41d3-9834-f35b751f6c0f",
            "value": "2332672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746792371",
            "to_ids": true,
            "type": "vhash",
            "uuid": "86aa7a01-e65c-4860-9663-ffdcd66f1ec1",
            "value": "ddc4a6592a0c7b27a3f32c44d0a0696b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746792371",
            "to_ids": true,
            "type": "filename",
            "uuid": "07a87992-d335-4b4b-8566-83c9f1a9f109",
            "value": "5c7388afabf7622844545f95aa6d4388233b375fd63ed575542b151d494aceed.iso"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  24/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746792371",
            "to_ids": false,
            "type": "text",
            "uuid": "aa121437-b68a-47fd-a354-1233181c27d1",
            "value": "2022-10-19 Uploaded against the Philippine Army Command\r\nType Description: ISO image\nMicrosoft: None\nVT Total Detection:31/65\nFirst Submission:2022-10-19T01:25:12.000000+00:00\nLast Submission:2023-05-29T11:11:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746834580",
        "uuid": "10e361c7-e18e-445e-b035-86dabd28fbc6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "2022-11-25 Uploaded for Cambodian Ministry of Economy and Finance",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746834580",
            "to_ids": true,
            "type": "md5",
            "uuid": "bccbe177-91a4-487e-8a6a-e4a63dd36599",
            "value": "c6abce3f12c14b7804a2532a3f5199b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "2022-11-25 Uploaded for Cambodian Ministry of Economy and Finance",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746792392",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2d7ca47b-b4b9-423f-b54c-e7c7084d5b3d",
            "value": "406bd5ef64ed026d726676b47101e0f86a4e642d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "2022-11-25 Uploaded for Cambodian Ministry of Economy and Finance",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746792392",
            "to_ids": true,
            "type": "sha256",
            "uuid": "836e1711-c35f-45d2-b289-f63b015d3ec9",
            "value": "47d1288b080660ee363006d8f713740e8c9ee2b1c21f984bd2ba191adc5d2f0a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746792392",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c0a66217-8aea-467c-b873-ebe6cf35b1e2",
            "value": "24576:GXgGBKk0IyyQbUFCpWwRCdjvAhLIBd4bNmKtq2E7+oboz:GXgGUk0hyQbUFCvRCdWiIq2UU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746792392",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7e50c30c-7c56-48aa-9a0a-41c0dd041b93",
            "value": "2834432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746792392",
            "to_ids": true,
            "type": "vhash",
            "uuid": "63543c78-a30c-4c86-9541-ef5b38a8c959",
            "value": "ddc4a6592a0c7b27a3f32c44d0a0696b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746792392",
            "to_ids": true,
            "type": "filename",
            "uuid": "03fb59aa-7264-4943-b725-75eb09f2e704",
            "value": "47d1288b080660ee363006d8f713740e8c9ee2b1c21f984bd2ba191adc5d2f0a.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  05/02/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746792392",
            "to_ids": false,
            "type": "text",
            "uuid": "2b768df9-c2f7-436d-91dd-86cdd8dfd6a3",
            "value": "2022-11-25 Uploaded for Cambodian Ministry of Economy and Finance\r\nType Description: ISO image\nMicrosoft: None\nVT Total Detection:29/61\nFirst Submission:2022-11-25T06:30:45.000000+00:00\nLast Submission:2023-01-13T11:08:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746834601",
        "uuid": "8c2f86b6-5aa3-4d25-bb67-093262b8e42a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "2022-05-24 Uploaded the YSEALI Southeast Asian Youth Leaders Program for Vietnam",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746834601",
            "to_ids": true,
            "type": "md5",
            "uuid": "6fe1d5d5-1217-41f4-87b3-ee4e24925637",
            "value": "f02a96b84231da7626399ff1ca6fb33f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "2022-05-24 Uploaded the YSEALI Southeast Asian Youth Leaders Program for Vietnam",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746792413",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b95ed041-5dac-4334-a0e2-99456c4e487c",
            "value": "4495ec539782cf51fc0187a06bb56f4a1900c6b3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "2022-05-24 Uploaded the YSEALI Southeast Asian Youth Leaders Program for Vietnam",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746792414",
            "to_ids": true,
            "type": "sha256",
            "uuid": "86823326-a7b4-4729-98c0-bd72fd626ea1",
            "value": "32955129b966798e66c20ccf2ec4001d32038d296acef3d3001d21eecad712e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746792413",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "464795f0-083d-4e4d-80c0-09a47004a858",
            "value": "3072:+1LbZ7mjUC2qE0MRznTLyoWvqTXfqBfJ6yTPMQrMQfjDMFTXZ2oQX/HZVTE7+0gc:wCF1gPsUQVfjDQv+HZ6+0Ev1YScX+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746792413",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "afef6d71-dd02-4594-8fe9-fd494fb3c6ca",
            "value": "321536"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746792413",
            "to_ids": true,
            "type": "vhash",
            "uuid": "77224d01-2e8f-46b5-8b39-a8e1653ffb82",
            "value": "3aff2224414df605c35e8ef53cb3ddfa"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746792413",
            "to_ids": true,
            "type": "filename",
            "uuid": "5051ca8a-3f93-415a-a0ae-c0c301e8fb9a",
            "value": "Application-Form-YSEALI-Academic-Fellowship.iso"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  04/04/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746792413",
            "to_ids": false,
            "type": "text",
            "uuid": "9ea1fe29-eb80-4e1f-9eeb-f4d7070eb5ff",
            "value": "2022-05-24 Uploaded the YSEALI Southeast Asian Youth Leaders Program for Vietnam\r\nType Description: ISO image\nMicrosoft: None\nVT Total Detection:14/59\nFirst Submission:2022-05-24T18:37:03.000000+00:00\nLast Submission:2022-05-24T18:37:03.000000+00:00"
          }
        ]
      }
    ]
  }
}