PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)

PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	1
PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a)	Threat Actor	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005)	Malware	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339)	Microsoft Activity Group actor	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a)	Threat Actor	PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339)	Microsoft Activity Group actor	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005)	Malware	2
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	2
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	2
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3