Cервис управления информационной безопасностью
Cервис управления информационной безопасностью
Вход Регистрация
MITRE ATT&CK - Преступная группа PLATINUM
CVE уязвимости
БДУ ФСТЭК уязвимости
НКЦКИ уязвимости
MITRE ATT&CK
БДУ ФСТЭК
Новая БДУ ФСТЭК
Риски
Каталоги
MITRE ATT&CK
Преступная группа
PLATINUM
Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.
Подробнее
Наш канал

PLATINUM

PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)
ID: G0068
Associated Groups: 
Version: 1.3
Created: 18 Apr 2018
Last Modified: 22 Apr 2021

Associated Group Descriptions
Name Description

Techniques Used
Domain ID Name Use
Enterprise T1056 .001 Input Capture: Keylogging

PLATINUM has used several different keyloggers.(Citation: Microsoft PLATINUM April 2016)
.004 Input Capture: Credential API Hooking

PLATINUM is capable of using Windows hook interfaces for information gathering such as credential access.(Citation: Microsoft PLATINUM April 2016)

Enterprise T1003 .001 OS Credential Dumping: LSASS Memory

PLATINUM has used keyloggers that are also capable of dumping credentials.(Citation: Microsoft PLATINUM April 2016)
Enterprise T1566 .001 Phishing: Spearphishing Attachment

PLATINUM has sent spearphishing emails with attachments to victims as its primary initial access vector.(Citation: Microsoft PLATINUM April 2016)
Enterprise T1204 .002 User Execution: Malicious File

PLATINUM has attempted to get users to open malicious files by sending spearphishing emails with attachments to victims.(Citation: Microsoft PLATINUM April 2016)

Software
ID Name References Techniques
S0202 adbupd (Citation: Microsoft PLATINUM April 2016) Windows Management Instrumentation Event Subscription, Windows Command Shell, Asymmetric Cryptography
S0201 JPIN (Citation: Microsoft PLATINUM April 2016) Windows File and Directory Permissions Modification, Windows Command Shell, Local Groups, System Network Configuration Discovery, Process Discovery, File Deletion, Query Registry, BITS Jobs, Mail Protocols, Disable or Modify Tools, File and Directory Discovery, Process Injection, Ingress Tool Transfer, Keylogging, System Owner/User Discovery, File Transfer Protocols, Security Software Discovery, System Information Discovery, Obfuscated Files or Information, System Service Discovery
S0200 Dipsind (Citation: Microsoft PLATINUM April 2016) Ingress Tool Transfer, Symmetric Cryptography, Winlogon Helper DLL, Scheduled Transfer, Windows Command Shell, Standard Encoding, Web Protocols, Custom Command and Control Protocol

References

  1. Kaplan, D, et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. Retrieved February 19, 2018.
  2. Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.
  3. Carr, N.. (2018, October 25). Nick Carr Status Update. Retrieved April 22, 2019.
Навигация

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.