Description
[PLATINUM](https://attack.mitre.org/groups/G0068) is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)
Techniques Used (TTPs)
- T1189 — Drive-by Compromise (initial-access)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1204.002 — Malicious File (execution)
- T1068 — Exploitation for Privilege Escalation (privilege-escalation)
- T1056.004 — Credential API Hooking (collection, credential-access)
- T1056.001 — Keylogging (collection, credential-access)
- T1003.001 — LSASS Memory (credential-access)
- T1095 — Non-Application Layer Protocol (command-and-control)
- T1055 — Process Injection (defense-evasion, privilege-escalation)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1036 — Masquerading (defense-evasion)
Total TTPs: 11