APT Profile: Dark Pink APT Group
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Event Triggered Execution; Masquerading; Obfuscated Files Or Information; Scheduled Task/Job
country: Belgium; Indonesia; Thailand; Vietnam; U.S. Virgin Islands
maec-delivery-vectors: Watering Hole
attack-pattern: Data; Abuse Elevation Control Mechanism - T1626; Abuse Elevation Control Mechanism - T1548; Audio Capture - T1429; Boot Or Logon Autostart Execution - T1547; Bypass User Account Control - T1548.002; Change Default File Association - T1546.001; Command And Scripting Interpreter - T1623; Credentials From Password Stores - T1555; Dll Side-Loading - T1574.002; Event Triggered Execution - T1624; Event Triggered Execution - T1546; File And Directory Discovery - T1420; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Match Legitimate Name Or Location - T1036.005; Match Legitimate Name Or Location - T1655.001; Obfuscated Files Or Information - T1406; System Information Discovery - T1426; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Scheduled Task/Job - T1603; Screen Capture - T1513; Service Execution - T1569.002; Software - T1592.002; Software Packing - T1027.002; Software Packing - T1406.002; Spearphishing Attachment - T1566.001; Spearphishing Attachment - T1598.002; System Services - T1569; Trusted Developer Utilities Proxy Execution - T1127; Template Injection - T1221; Web Service - T1481; Virtualization/Sandbox Evasion - T1497; Vulnerabilities - T1588.006; Virtualization/Sandbox Evasion - T1633; Audio Capture - T1123; Browser Extensions - T1176; Bypass User Account Control - T1088; Change Default File Association - T1042; Command-Line Interface - T1059; Data Encoding - T1132; Deobfuscate/Decode Files Or Information - T1140; Dll Side-Loading - T1073; File And Directory Discovery - T1083; Masquerading - T1036; Obfuscated Files Or Information - T1027; Powershell - T1086; Query Registry - T1012; Scheduled Task - T1053; Screen Capture - T1113; Service Execution - T1035; Software Packing - T1045; Spearphishing Attachment - T1193; System Information Discovery - T1082; Windows Management Instrumentation - T1047; Web Service - T1102; User Execution - T1204; Masquerading; Screen Capture; Spearphishing Attachment; User Execution
Common Information
Type Value
UUID a159985d-caf4-43a5-a527-35d6ba9dc507
Fingerprint 94401956c0fdcdc3
Analysis status DONE
Considered CTI value 1
Text language
Published Oct. 5, 2023, 2:03 p.m.
Added to db Oct. 24, 2023, 1:07 p.m.
Last updated Nov. 17, 2024, 5:56 p.m.
Headline APT Profile: Dark Pink APT Group
Title APT Profile: Dark Pink APT Group
Detected Hints/Tags/Attributes 102/4/6
Attributes
Details Type #Events CTI Value
Details CVE 269
cve-2017-0199
Details Domain 272
outlook.com
Details Domain 50
webhook.site
Details Email 2
blackpink.301@outlook.com
Details Email 2
blackred.113@outlook.com
Details Threat Actor Identifier - APT-C 102
APT-C-35