G0100 · 22 ATT&CK techniques · 0 correlated reports

Inception

Aliases: Inception Framework, Cloud Atlas

Inception is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active in the United States and throughout Europe, Asia, Africa, and the Middle East.

Open interactive actor investigation

ATT&CK techniques

T1027.013
Encrypted/Encoded FileT1588.002
ToolT1547.001
Registry Run Keys / Startup FolderT1102
Web ServiceT1090.003
Multi-hop ProxyT1518
Software DiscoveryT1083
File and Directory DiscoveryT1566.001
Spearphishing AttachmentT1082
System Information DiscoveryT1059.001
PowerShellT1204.002
Malicious FileT1071.001
Web ProtocolsT1005
Data from Local SystemT1218.005
MshtaT1555.003
Credentials from Web BrowsersT1203
Exploitation for Client ExecutionT1069.002
Domain GroupsT1059.005
Visual BasicT1221
Template InjectionT1218.010
Regsvr32T1573.001
Symmetric CryptographyT1057
Process Discovery

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research