📃Title: Titanium: the Platinum group strikes again
📅Date: 2019-11-08
🔗References:
Description
Platinum is one of the most technologically advanced APT actors, with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of a sequence of dropping, downloading and installing stages. The malware hides at every step by mimicking common software (protection-related software, sound driver software, DVD video creation tools).
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: malware-analysis
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer Kaspersky
- target-information="Malaysia"
- target-information="Indonesia"
- target-information="Vietnam"
- threat-actor PLATINUM
- mitre-attack-pattern=[]
MISP event uuid: 87b1f91a-1222-459b-9b1e-1d0a328b2430
Indicators of Compromise (IoCs)
type,value,comment
url, http://70.39.115.196/payment/confirm.gif?f=1, ''
url, http://70.39.115.196/payment/confirm.gif, ''
url, http://70.39.115.196/payment/confirm.gif?f=2, ''
Full IOCs available in Rectifyq's MISP