Description
[Inception](https://attack.mitre.org/groups/G0100) is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active in the United States and throughout Europe, Asia, Africa, and the Middle East. (Citation: Unit 42 Inception November 2018) (Citation: Symantec Inception Framework March 2018) (Citation: Kaspersky Cloud Atlas December 2014)
Techniques Used (TTPs)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1588.002 — Tool (resource-development)
- T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
- T1102 — Web Service (command-and-control)
- T1090.003 — Multi-hop Proxy (command-and-control)
- T1518 — Software Discovery (discovery)
- T1083 — File and Directory Discovery (discovery)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1082 — System Information Discovery (discovery)
- T1059.001 — PowerShell (execution)
- T1204.002 — Malicious File (execution)
- T1071.001 — Web Protocols (command-and-control)
- T1005 — Data from Local System (collection)
- T1218.005 — Mshta (defense-evasion)
- T1555.003 — Credentials from Web Browsers (credential-access)
- T1203 — Exploitation for Client Execution (execution)
- T1069.002 — Domain Groups (discovery)
- T1059.005 — Visual Basic (execution)
- T1221 — Template Injection (defense-evasion)
- T1218.010 — Regsvr32 (defense-evasion)
- T1573.001 — Symmetric Cryptography (command-and-control)
- T1057 — Process Discovery (discovery)
Total TTPs: 22
Malware & Tools
Malware: PowerShower, VBShower
Tools: LaZagne