Cервис управления информационной безопасностью
Cервис управления информационной безопасностью
Поиск
Вход Регистрация
MITRE ATT&CK - Преступная группа PLATINUM
Риски
Каталоги
MITRE ATT&CK
Преступная группа
PLATINUM
Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.
Подробнее
Наш канал

PLATINUM

PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)
ID: G0068
Associated Groups: 
Version: 1.3
Created: 18 Apr 2018
Last Modified: 25 Apr 2025

Associated Group Descriptions
Name Description

Techniques Used
Domain ID Name Use
Enterprise T1056 .001 Input Capture: Keylogging

PLATINUM has used several different keyloggers.(Citation: Microsoft PLATINUM April 2016)
.004 Input Capture: Credential API Hooking

PLATINUM is capable of using Windows hook interfaces for information gathering such as credential access.(Citation: Microsoft PLATINUM April 2016)

Enterprise T1003 .001 OS Credential Dumping: LSASS Memory

PLATINUM has used keyloggers that are also capable of dumping credentials.(Citation: Microsoft PLATINUM April 2016)
Enterprise T1566 .001 Phishing: Spearphishing Attachment

PLATINUM has sent spearphishing emails with attachments to victims as its primary initial access vector.(Citation: Microsoft PLATINUM April 2016)
Enterprise T1204 .002 User Execution: Malicious File

PLATINUM has attempted to get users to open malicious files by sending spearphishing emails with attachments to victims.(Citation: Microsoft PLATINUM April 2016)

Software
ID Name References Techniques
S0202 adbupd (Citation: Microsoft PLATINUM April 2016) Windows Management Instrumentation Event Subscription, Asymmetric Cryptography, Windows Command Shell
S0201 JPIN (Citation: Microsoft PLATINUM April 2016) System Owner/User Discovery, Keylogging, System Service Discovery, Windows File and Directory Permissions Modification, System Information Discovery, Process Injection, Mail Protocols, System Network Configuration Discovery, File and Directory Discovery, Process Discovery, File Transfer Protocols, Local Groups, Disable or Modify Tools, Obfuscated Files or Information, Query Registry, BITS Jobs, Security Software Discovery, Windows Command Shell, File Deletion, Ingress Tool Transfer
S0200 Dipsind (Citation: Microsoft PLATINUM April 2016) Standard Encoding, Symmetric Cryptography, Scheduled Transfer, Winlogon Helper DLL, Windows Command Shell, Web Protocols, Ingress Tool Transfer, Custom Command and Control Protocol

References

  1. Kaplan, D, et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. Retrieved February 19, 2018.
  2. Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.
  3. Carr, N.. (2018, October 25). Nick Carr Status Update. Retrieved September 12, 2024.
Навигация

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.