PLATINUM
Associated Group Descriptions |
|
Name | Description |
---|---|
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1056 | .001 | Input Capture: Keylogging |
PLATINUM has used several different keyloggers.(Citation: Microsoft PLATINUM April 2016) |
.004 | Input Capture: Credential API Hooking |
PLATINUM is capable of using Windows hook interfaces for information gathering such as credential access.(Citation: Microsoft PLATINUM April 2016) |
||
Enterprise | T1003 | .001 | OS Credential Dumping: LSASS Memory |
PLATINUM has used keyloggers that are also capable of dumping credentials.(Citation: Microsoft PLATINUM April 2016) |
Enterprise | T1566 | .001 | Phishing: Spearphishing Attachment |
PLATINUM has sent spearphishing emails with attachments to victims as its primary initial access vector.(Citation: Microsoft PLATINUM April 2016) |
Enterprise | T1204 | .002 | User Execution: Malicious File |
PLATINUM has attempted to get users to open malicious files by sending spearphishing emails with attachments to victims.(Citation: Microsoft PLATINUM April 2016) |
Software |
|||
ID | Name | References | Techniques |
---|---|---|---|
S0202 | adbupd | (Citation: Microsoft PLATINUM April 2016) | Windows Management Instrumentation Event Subscription, Windows Command Shell, Asymmetric Cryptography |
S0201 | JPIN | (Citation: Microsoft PLATINUM April 2016) | Windows File and Directory Permissions Modification, Windows Command Shell, Local Groups, System Network Configuration Discovery, Process Discovery, File Deletion, Query Registry, BITS Jobs, Mail Protocols, Disable or Modify Tools, File and Directory Discovery, Process Injection, Ingress Tool Transfer, Keylogging, System Owner/User Discovery, File Transfer Protocols, Security Software Discovery, System Information Discovery, Obfuscated Files or Information, System Service Discovery |
S0200 | Dipsind | (Citation: Microsoft PLATINUM April 2016) | Ingress Tool Transfer, Symmetric Cryptography, Winlogon Helper DLL, Scheduled Transfer, Windows Command Shell, Standard Encoding, Web Protocols, Custom Command and Control Protocol |
References
- Kaplan, D, et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. Retrieved February 19, 2018.
- Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.
- Carr, N.. (2018, October 25). Nick Carr Status Update. Retrieved September 12, 2024.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.