PLATINUM
Associated Group Descriptions

| Name | Description |
|---|---|
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1056.001 | Input Capture: Keylogging | PLATINUM has used several different keyloggers. (Citation: Microsoft PLATINUM April 2016) |
| Enterprise | T1056.004 | Input Capture: Credential API Hooking | PLATINUM is capable of using Windows hook interfaces for information gathering such as credential access. (Citation: Microsoft PLATINUM April 2016) |
| Enterprise | T1003.001 | OS Credential Dumping: LSASS Memory | PLATINUM has used keyloggers that are also capable of dumping credentials. (Citation: Microsoft PLATINUM April 2016) |
| Enterprise | T1566.001 | Phishing: Spearphishing Attachment | PLATINUM has sent spearphishing emails with attachments to victims as its primary initial access vector. (Citation: Microsoft PLATINUM April 2016) |
| Enterprise | T1204.002 | User Execution: Malicious File | PLATINUM has attempted to get users to open malicious files by sending spearphishing emails with attachments to victims. (Citation: Microsoft PLATINUM April 2016) |
Software

| ID | Name | References | Techniques |
|---|---|---|---|
| S0202 | adbupd | (Citation: Microsoft PLATINUM April 2016) | Windows Management Instrumentation Event Subscription, Asymmetric Cryptography, Windows Command Shell |
| S0201 | JPIN | (Citation: Microsoft PLATINUM April 2016) | System Owner/User Discovery, Keylogging, System Service Discovery, Windows File and Directory Permissions Modification, System Information Discovery, Process Injection, Mail Protocols, System Network Configuration Discovery, File and Directory Discovery, Process Discovery, File Transfer Protocols, Local Groups, Disable or Modify Tools, Obfuscated Files or Information, Query Registry, BITS Jobs, Security Software Discovery, Windows Command Shell, File Deletion, Ingress Tool Transfer |
| S0200 | Dipsind | (Citation: Microsoft PLATINUM April 2016) | Standard Encoding, Symmetric Cryptography, Scheduled Transfer, Winlogon Helper DLL, Windows Command Shell, Web Protocols, Ingress Tool Transfer, Custom Command and Control Protocol |
References
- Kaplan, D, et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. Retrieved February 19, 2018.
- Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.
- Carr, N. (2018, October 25). Nick Carr Status Update. Retrieved September 12, 2024.