Skip to content

Hide Navigation Hide TOC

PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)

PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)

Cluster A Galaxy A Cluster B Galaxy B Level
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a) Threat Actor 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) Malware 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 1
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware 1
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339) Microsoft Activity Group actor 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 1
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 2
PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339) Microsoft Activity Group actor PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a) Threat Actor 2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) Malware 2
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware 2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) Malware 2
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3