{ "Event": { "analysis": "1", "date": "2019-11-08", "extends_uuid": "", "info": "[Threat Intel] Titanium: the Platinum group strikes again", "protected": false, "publish_timestamp": "1780039686", "published": true, "threat_level_id": "1", "timestamp": "1772901958", "uuid": "87b1f91a-1222-459b-9b1e-1d0a328b2430", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"PLATINUM\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1736671012", "to_ids": false, "type": "link", "uuid": "60064f56-5da5-4243-bc76-c97e645684fc", "value": "https://securelist.com/titanium-the-platinum-group-strikes-again/94961/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1736671012", "to_ids": false, "type": "text", "uuid": "eac605a2-a22b-444c-8318-ffecfc20451b", "value": "Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of a sequence of dropping, downloading and installing stages. The malware hides at every step by mimicking common software (protection related, sound drivers software, DVD video creation tools)." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1736671012", "to_ids": false, "type": "text", "uuid": "7b538c00-1dda-4190-94e3-ad2a615e2302", "value": "Name: Titanium: the Platinum group strikes again\nAuthor: AlienVault\nAdversary: PLATINUM\nTags: [\"platinum\"]\nTgtd countries: [\"Malaysia\", \"Indonesia\", \"Viet Nam\"]\nMlwr families: []\nAttack_ids: []\nIndustries: [\"Government\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1736671012", "to_ids": false, "type": "threat-actor", "uuid": "f9142962-c82e-4345-a275-42ad536a46e3", "value": "PLATINUM" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740884773", "to_ids": true, "type": "url", "uuid": "1837ca08-606d-4047-b2af-b15903891314", "value": "http://70.39.115.196/payment/confirm.gif?f=1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740884794", "to_ids": true, "type": "url", "uuid": "33328a96-98c7-45fd-9770-6738d45e606d", "value": "http://70.39.115.196/payment/confirm.gif", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740884815", "to_ids": true, "type": "url", "uuid": "0b206a66-294c-466f-9eee-057eae2b2d81", "value": "http://70.39.115.196/payment/confirm.gif?f=2", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ] } }