{
	"id": "7b9a3e00-0498-46db-baf3-7f4ad09e9181",
	"created_at": "2026-04-06T00:13:22.126101Z",
	"updated_at": "2026-04-10T03:35:34.377139Z",
	"deleted_at": null,
	"sha1_hash": "b3799f2189653bbd983967795f18307a775438a8",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49544,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:53:42 UTC\nTool: AMTsol\nNames\nAMTsol\nAdupihan\nCategory Malware\nType Exfiltration\nDescription\n(Microsoft) Since the 2016 publication, Microsoft has come across an evolution of PLATINUM’s file-transfer tool, one that uses the Intel Active Management Technology (AMT) Serial-over-LAN (SOL) channel for communication. This channel works independently of the operating system (OS), rendering any communication over it invisible to firewall and network monitoring applications running on the host device. Until this incident, no malware had been discovered misusing the AMT SOL feature for communication.\nUpon discovery of this unique file-transfer tool, Microsoft shared information with Intel, and the two companies collaborated to analyze and better understand the purpose and implementation of the tool. We confirmed that the tool did not expose vulnerabilities in the management technology itself, but rather misused AMT SOL within target networks that have already been compromised to keep communication stealthy and evade security applications.\nInformation\nMalpedia\nLast change to this tool card: 28 December 2022\nAll groups using tool AMTsol\nChanged Name Country Observed\nAPT groups\nPlatinum 2009-Nov 2019\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=454c7a03-4419-43d9-9671-5c70a4a81a8d",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=454c7a03-4419-43d9-9671-5c70a4a81a8d"
	],
	"report_names": [
		"listgroups.cgi?u=454c7a03-4419-43d9-9671-5c70a4a81a8d"
	],
	"threat_actors": [
		{
			"id": "7d8ef10e-1d7b-49a0-ab6e-f1dae465a1a4",
			"created_at": "2023-01-06T13:46:38.595679Z",
			"updated_at": "2026-04-10T02:00:03.033762Z",
			"deleted_at": null,
			"main_name": "PLATINUM",
			"aliases": [
				"TwoForOne",
				"G0068",
				"ATK33"
			],
			"source_name": "MISPGALAXY:PLATINUM",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e61c46f7-88a1-421a-9fed-0cfe2eeb820a",
			"created_at": "2022-10-25T16:07:24.061767Z",
			"updated_at": "2026-04-10T02:00:04.854503Z",
			"deleted_at": null,
			"main_name": "Platinum",
			"aliases": [
				"ATK 33",
				"G0068",
				"Operation EasternRoppels",
				"TwoForOne"
			],
			"source_name": "ETDA:Platinum",
			"tools": [
				"AMTsol",
				"Adupib",
				"Adupihan",
				"Dipsind",
				"DvDupdate.dll",
				"JPIN",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"RedPepper",
				"RedSalt",
				"Titanium",
				"adbupd",
				"psinstrc.ps1"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "33f527a5-a5da-496a-a48c-7807cc858c3e",
			"created_at": "2022-10-25T15:50:23.803657Z",
			"updated_at": "2026-04-10T02:00:05.333523Z",
			"deleted_at": null,
			"main_name": "PLATINUM",
			"aliases": [
				"PLATINUM"
			],
			"source_name": "MITRE:PLATINUM",
			"tools": [
				"JPIN",
				"Dipsind",
				"adbupd"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434402,
	"ts_updated_at": 1775792134,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b3799f2189653bbd983967795f18307a775438a8.pdf",
		"text": "https://archive.orkl.eu/b3799f2189653bbd983967795f18307a775438a8.txt",
		"img": "https://archive.orkl.eu/b3799f2189653bbd983967795f18307a775438a8.jpg"
	}
}