{ "id": "eb4554ae-8d6b-45d0-9dd6-cd0884898e2c", "created_at": "2026-04-06T00:10:13.918084Z", "updated_at": "2026-04-10T03:36:19.285137Z", "deleted_at": null, "sha1_hash": "e239b4a1363fcaa829ea6df66b2eae401dc81ab0", "title": "Dark Pink - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 51699, "plain_text": "Dark Pink - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:58:35 UTC\n APT group: Dark Pink\nNames\nDark Pink (Group-IB)\nSaaiwc Group (Anheng Hunting Labs)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2022\nDescription\n(Group-IB) Group-IB, one of the global cybersecurity leaders, has today published\nits findings into Dark Pink, an ongoing advanced persistent threat (APT) campaign\nlaunched against high-profile targets in Cambodia, Indonesia, Malaysia, Philippines,\nVietnam, and Bosnia and Herzegovina that we believe, with moderate confidence,\nwas launched by a new threat actor. To date, Group-IB’s Threat Intelligence has been\nable to attribute seven successful attacks to this particular group from June-December 2022, with targets including military bodies, government ministries and\nagencies, and religious and non-profit organizations, although the list of victims\ncould be significantly longer. Group-IB also noted one unsuccessful attack on a\nEuropean state development body based in Vietnam.\nObserved\nSectors: Defense, Education, Government, Non-profit organizations.\nCountries: Belgium, Bosnia and Herzegovina, Brunei, Cambodia, Indonesia,\nMalaysia, Philippines, Thailand, Vietnam.\nTools used\nCtealer, Cucky, KamiKakaBot, PowerSploit, TelePowerBot, ZMsg, Living off the\nLand.\nOperations performed Feb 2023\nDark Pink APT Group Strikes Government Entities in South Asian\nCountries\nInformation\nLast change to this card: 10 March 2024\nDownload this actor card in PDF or JSON format\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=3e381f2a-364f-4428-9f3c-a5abf03bac64\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3e381f2a-364f-4428-9f3c-a5abf03bac64\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=3e381f2a-364f-4428-9f3c-a5abf03bac64\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3e381f2a-364f-4428-9f3c-a5abf03bac64" ], "report_names": [ "showcard.cgi?u=3e381f2a-364f-4428-9f3c-a5abf03bac64" ], "threat_actors": [ { "id": "fd4c3ddd-11cc-4192-9c94-ff107d7f8492", "created_at": "2023-02-18T02:04:24.06294Z", "updated_at": "2026-04-10T02:00:04.644528Z", "deleted_at": null, "main_name": "Dark Pink", "aliases": [ "Saaiwc Group" ], "source_name": "ETDA:Dark Pink", "tools": [ "Ctealer", "Cucky", "KamiKakaBot", "LOLBAS", "LOLBins", "Living off the Land", "PowerSploit", "TelePowerBot", "ZMsg" ], "source_id": "ETDA", "reports": null }, { "id": "fbe45970-1e9e-4a82-bc06-46317a248479", "created_at": "2026-02-03T02:00:03.45132Z", "updated_at": "2026-04-10T02:00:03.947304Z", "deleted_at": null, "main_name": "DarkPink", "aliases": [ "Saaiwc" ], "source_name": "MISPGALAXY:DarkPink", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434213, "ts_updated_at": 1775792179, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/e239b4a1363fcaa829ea6df66b2eae401dc81ab0.pdf", "text": "https://archive.orkl.eu/e239b4a1363fcaa829ea6df66b2eae401dc81ab0.txt", "img": "https://archive.orkl.eu/e239b4a1363fcaa829ea6df66b2eae401dc81ab0.jpg" } }