Threat Actor Profile
High APT
Description

PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)

Confidence Score
90%
Known Aliases
PLATINUM
Tags
mitre-attack stix-2.1 intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (11)
T1056.001 - Keylogging (Collection)
T1056.004 - Credential API Hooking (Collection)
T1095 - Non-Application Layer Protocol (Command and Control)
T1105 - Ingress Tool Transfer (Command and Control)
T1003.001 - LSASS Memory (Credential Access)
T1036 - Masquerading (Defense Evasion)
T1055 - Process Injection (Defense Evasion)
T1204.002 - Malicious File (Execution)
T1189 - Drive-by Compromise (Initial Access)
T1566.001 - Spearphishing Attachment (Initial Access)
T1068 - Exploitation for Privilege Escalation (Privilege Escalation)
STIX Data
{'aliases': ['PLATINUM'],
 'created': '2018-04-18T17:59:24.739Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[PLATINUM](https://attack.mitre.org/groups/G0068) is an '
                'activity group that has targeted victims since at least 2009. '
                'The group has focused on targets associated with governments '
                'and related organizations in South and Southeast Asia. '
                '(Citation: Microsoft PLATINUM April 2016)',
 'external_references': [{'external_id': 'G0068',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0068'},
                         {'description': '(Citation: Microsoft PLATINUM April '
                                         '2016)',
                          'source_name': 'PLATINUM'},
                         {'description': 'Windows Defender Advanced Threat '
                                         'Hunting Team. (2016, April 29). '
                                         'PLATINUM: Targeted attacks in South '
                                         'and Southeast Asia. Retrieved '
                                         'February 15, 2018.',
                          'source_name': 'Microsoft PLATINUM April 2016',
                          'url': 'https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf'}],
 'id': 'intrusion-set--f9c06633-dcff-48a1-8588-759e7cec5694',
 'modified': '2025-04-25T14:49:07.040Z',
 'name': 'PLATINUM',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_contributors': ['Ryan Becwar'],
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.3'}