Skip to content

Hide Navigation Hide TOC

PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)

PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)

Cluster A Galaxy A Cluster B Galaxy B Level
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339) Microsoft Activity Group actor PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a) Threat Actor PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) Malware PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 2
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 2
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 2
PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339) Microsoft Activity Group actor PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a) Threat Actor 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) Malware 2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware 2
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3