PLATINUM
Overview
PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia.
Targets
Defense · Diplomacy · Government · Intelligence · Telecommunications
Capabilities
- Custom malware/implant development — ATT&CK: 3 attributed custom malware families
TTPs — 11 techniques across 7 tactics
Initial Access
- T1189 Drive-by Compromise
- T1566.001 Spearphishing Attachment
Execution
- T1204.002 Malicious File
Privilege Escalation
Stealth
- T1036 Masquerading
- T1055 Process Injection
Credential Access
- T1003.001 LSASS Memory
Collection
- T1056.001 Keylogging
- T1056.004 Credential API Hooking
Command and Control
- T1095 Non-Application Layer Protocol
- T1105 Ingress Tool Transfer
Tools & malware (3)
JPIN · Dipsind · adbupd
Reporting (1)
- PLATINUM: Targeted attacks in South and Southeast Asia — Windows Defender Advanced Threat Hunting Team