Clankerusecase
Threat-actor profile
 ← Back to main site
Home/ Threat Actors/ PLATINUM

🌐PLATINUM

🌐 PLATINUM is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: Unknown. We map 14 detection use cases to this actor across 11 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

View full actor card → All threat actors MITRE ATT&CK group spec (G0068) ↗
14Use cases
0Articles
11Techniques
0IOCs

About this actor (MITRE)

[PLATINUM](https://attack.mitre.org/groups/G0068) is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)

Known aliases

PLATINUM

Top techniques

T1003.001 · LSASS MemoryT1036 · MasqueradingT1055 · Process Injection

All other tracked techniques

T1056.001 · KeyloggingT1056.004 · Credential API HookingT1068 · Exploitation for Privilege EscalationT1095 · Non-Application Layer ProtocolT1105 · Ingress Tool TransferT1189 · Drive-by CompromiseT1204.002 · Malicious FileT1566.001 · Spearphishing Attachment

Detection use cases (14)

PLATINUM Dipsind/JPIN ICMP C2 — non-LOLBIN process generating sustained ICMP egress AI · profile SΣ PLATINUM spearphish-to-LSASS chain — Office attachment → masqueraded payload → LSASS credential access AI · profile S Auth-Bypass on Public-Facing Service → Post-Exploit Action on Same Host (≤10 min) MITRE match Brand-Impersonation Domain Fetch Followed by User-Context Loader Within 10 Minutes MITRE match Cross-Platform ClickFix Paste-to-Pipe Loader (UI-Parent Shell with Decode-and-Execute Payload) MITRE match Developer package install spawning script-host with non-registry C2 within 5 minutes MITRE match Internet-Facing Service Process Spawning Unix Shell or Ingress-Tool LOLBin (Edge Zero-Day Post-Exploit) MITRE match Language-runtime server (node/python/java) spawns OS shell shortly after inbound request — eval / sandbox-escape exploitation chain MITRE match Linux LPE chain — anomalous algif_aead/esp4/esp6/rxrpc kernel-module load followed by same-user root transition MITRE match Low-Code / AI Workflow Runtime Sandbox-Escape — Server Process Spawns Shell + Public Egress MITRE match Package Manager / Dev-Tool Auto-Execution Triggers Non-Registry Egress or Credential-Store Access MITRE match Package Manager Install Spawning Outbound Egress to Non-Registry Infrastructure Within 5 Minutes MITRE match Package manager lifecycle hook spawns network-fetching shell or runtime MITRE match Post-Auth Privilege Boundary Crossing on Edge/Management Appliances (low-priv -> admin within 10m) MITRE match