PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)

PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a)	Threat Actor	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005)	Malware	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339)	Microsoft Activity Group actor	PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694)	Intrusion Set	1
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339)	Microsoft Activity Group actor	PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a)	Threat Actor	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30)	Malware	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005)	Malware	2
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517)	Malware	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3