
Inception Framework

aka: Clean Ursa, Cloud Atlas, OXYGEN, G0100, ATK116, Blue Odin

This threat actor uses spear-phishing techniques to target private-sector energy, defense, aerospace, research, and media organizations and embassies in Africa, Europe, and the Middle East, for the purpose of espionage.


Associated Families
apk.cloudatlas ps1.powershower

References
2022-07-18 | Palo Alto Networks Unit 42 | Unit42
@online{unit42:20220718:clean:f042eb1, author = {Unit42}, title = {{Clean Ursa}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/clean-ursa}, language = {English}, urldate = {2022-08-26} } Clean Ursa
PowerShower Inception Framework
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
@online{42:20220718:clean:053c441, author = {Unit 42}, title = {{Clean Ursa}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/clean-ursa/}, language = {English}, urldate = {2022-07-29} } Clean Ursa
PowerShower Inception Framework
2022-04-28 | PWC | PWC UK
@techreport{uk:20220428:cyber:46707aa, author = {PWC UK}, title = {{Cyber Threats 2021: A Year in Retrospect}}, date = {2022-04-28}, institution = {PWC}, url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf}, language = {English}, urldate = {2022-04-29} } Cyber Threats 2021: A Year in Retrospect
APT15 APT31 APT41 APT9 BlackTech BRONZE EDGEWOOD DAGGER PANDA Earth Lusca HAFNIUM HAZY TIGER Inception Framework LOTUS PANDA QUILTED TIGER RedAlpha Red Dev 17 Red Menshen Red Nue VICEROY TIGER
2022-04-28 | PWC | PWC UK
@techreport{uk:20220428:cyber:c43873f, author = {PWC UK}, title = {{Cyber Threats 2021: A Year in Retrospect (Annex)}}, date = {2022-04-28}, institution = {PWC}, url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-annex-download.pdf}, language = {English}, urldate = {2022-04-29} } Cyber Threats 2021: A Year in Retrospect (Annex)
Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen
2021-02-28 | PWC UK | PWC UK
@techreport{uk:20210228:cyber:bd780cd, author = {PWC UK}, title = {{Cyber Threats 2020: A Year in Retrospect}}, date = {2021-02-28}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf}, language = {English}, urldate = {2021-03-04} } Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Tonto Team
2020-07-05 | Council on Foreign Relations | Cyber Operations Tracker
@online{tracker:20200705:red:c1681e4, author = {Cyber Operations Tracker}, title = {{Red October}}, date = {2020-07-05}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/cyber-operations/red-october}, language = {English}, urldate = {2022-08-26} } Red October
Inception Framework
2020-05-08 | MITRE | MITRE ATT&CK
@online{attck:20200508:inception:354e1e3, author = {MITRE ATT&CK}, title = {{Inception}}, date = {2020-05-08}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0100}, language = {English}, urldate = {2022-08-26} } Inception
PowerShower LaZagne Inception Framework
2020-05-08 | MITRE | MITRE ATT&CK
@online{attck:20200508:inception:a4454ac, author = {MITRE ATT&CK}, title = {{Inception}}, date = {2020-05-08}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0100/}, language = {English}, urldate = {2022-07-05} } Inception
PowerShower LaZagne
2019-08-12 | Kaspersky Labs | GReAT
@online{great:20190812:recent:3a35688, author = {GReAT}, title = {{Recent Cloud Atlas activity}}, date = {2019-08-12}, organization = {Kaspersky Labs}, url = {https://securelist.com/recent-cloud-atlas-activity/92016/}, language = {English}, urldate = {2019-12-20} } Recent Cloud Atlas activity
PowerShower
2019-08-12 | Kaspersky Labs | GReAT
@online{great:20190812:recent:2328908, author = {GReAT}, title = {{Recent Cloud Atlas activity}}, date = {2019-08-12}, organization = {Kaspersky Labs}, url = {https://securelist.com/recent-cloud-atlas-activity/92016}, language = {English}, urldate = {2022-08-26} } Recent Cloud Atlas activity
PowerShower Inception Framework
2019 | Council on Foreign Relations | Cyber Operations Tracker
@online{tracker:2019:inception:112e0c0, author = {Cyber Operations Tracker}, title = {{Inception Framework}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/inception-framework}, language = {English}, urldate = {2019-12-20} } Inception Framework
Inception Framework
2019 | Council on Foreign Relations | Cyber Operations Tracker
@online{tracker:2019:cloud:5270d10, author = {Cyber Operations Tracker}, title = {{Cloud Atlas}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/cloud-atlas}, language = {English}, urldate = {2019-12-20} } Cloud Atlas
Inception Framework
2018-11-05 | Palo Alto Networks Unit 42 | Tom Lancaster
@online{lancaster:20181105:inception:09bda7d, author = {Tom Lancaster}, title = {{Inception Attackers Target Europe with Year-old Office Vulnerability}}, date = {2018-11-05}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability}, language = {English}, urldate = {2022-08-26} } Inception Attackers Target Europe with Year-old Office Vulnerability
PowerShower Inception Framework
2018-11-05 | Palo Alto Networks Unit 42 | Tom Lancaster
@online{lancaster:20181105:inception:4eb9f99, author = {Tom Lancaster}, title = {{Inception Attackers Target Europe with Year-old Office Vulnerability}}, date = {2018-11-05}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/}, language = {English}, urldate = {2019-12-20} } Inception Attackers Target Europe with Year-old Office Vulnerability
PowerShower
2018-03-14 | Symantec | Security Response Attack Investigation Team, Network Protection Security Labs
@online{team:20180314:inception:ee787d2, author = {Security Response Attack Investigation Team and Network Protection Security Labs}, title = {{Inception Framework: Alive and Well, and Hiding Behind Proxies}}, date = {2018-03-14}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies}, language = {English}, urldate = {2020-01-09} } Inception Framework: Alive and Well, and Hiding Behind Proxies
Inception Framework
2017-10-16 | Akamai | Akamei
@techreport{akamei:20171016:upnproxy:044596d, author = {Akamei}, title = {{UPnProxy: Blackhat Proxies via NAT Injections}}, date = {2017-10-16}, institution = {Akamai}, url = {https://www.akamai.com/uk/en/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf}, language = {English}, urldate = {2019-12-10} } UPnProxy: Blackhat Proxies via NAT Injections
Inception Framework
2017-09-18 | Kaspersky Labs | Alexander Liskin, Anton Ivanov, Andrey Kryukov
@online{liskin:20170918:undocumented:46e11f4, author = {Alexander Liskin and Anton Ivanov and Andrey Kryukov}, title = {{An (un)documented Word feature abused by attackers}}, date = {2017-09-18}, organization = {Kaspersky Labs}, url = {https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899}, language = {English}, urldate = {2022-08-26} } An (un)documented Word feature abused by attackers
Inception Framework
2015-01-20 | Blue Coat | Basavaraj K. Biradar
@techreport{biradar:20150120:reversing:8a25caf, author = {Basavaraj K. Biradar}, title = {{Reversing the Inception APT malware}}, date = {2015-01-20}, institution = {Blue Coat}, url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/Inception_APT_Analysis_Bluecoat.pdf}, language = {English}, urldate = {2020-04-21} } Reversing the Inception APT malware
Inception Framework
2015-01-14 | LogRhythm | Tony Massé
@online{mass:20150114:catching:33c67af, author = {Tony Massé}, title = {{Catching the “Inception Framework” Phishing Attack}}, date = {2015-01-14}, organization = {LogRhythm}, url = {https://logrhythm.com/blog/catching-the-inception-framework-phishing-attack/}, language = {English}, urldate = {2020-04-21} } Catching the “Inception Framework” Phishing Attack
Inception Framework
2015-01-14 | LogRhythm | Tony Massé
@online{mass:20150114:catching:841eb77, author = {Tony Massé}, title = {{Catching the “Inception Framework” Phishing Attack}}, date = {2015-01-14}, organization = {LogRhythm}, url = {https://logrhythm.com/blog/catching-the-inception-framework-phishing-attack}, language = {English}, urldate = {2022-08-25} } Catching the “Inception Framework” Phishing Attack
Inception Framework
2014-12-10 | Kaspersky Labs | GReAT
@online{great:20141210:cloud:493b7e0, author = {GReAT}, title = {{Cloud Atlas: RedOctober APT is back in style}}, date = {2014-12-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083}, language = {English}, urldate = {2022-08-25} } Cloud Atlas: RedOctober APT is back in style
Inception Framework
2014-12-10 | Kaspersky Labs | GReAT
@online{great:20141210:cloud:ccb4794, author = {GReAT}, title = {{Cloud Atlas: RedOctober APT is back in style}}, date = {2014-12-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/}, language = {English}, urldate = {2019-12-20} } Cloud Atlas: RedOctober APT is back in style
Inception Framework
2014-12-09 | Blue Coat | Snorre Fagerland, Waylon Grange
@online{fagerland:20141209:blue:0d254a1, author = {Snorre Fagerland and Waylon Grange}, title = {{Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Business Execs}}, date = {2014-12-09}, organization = {Blue Coat}, url = {https://web.archive.org/web/20160710180729/https://www.bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware}, language = {English}, urldate = {2020-04-21} } Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Business Execs
CloudAtlas Inception Framework
2014-12-09 | Symantec | Waylon Grange
@online{grange:20141209:blue:63864e2, author = {Waylon Grange}, title = {{Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Bus}}, date = {2014-12-09}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/blue-coat-exposes-inception-framework-very-sophisticated-layered-malware-attack-targeted-milit}, language = {English}, urldate = {2019-12-20} } Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Bus
Inception Framework
2014-12-09 | Blue Coat | Snorre Fagerland, Waylon Grange
@techreport{fagerland:20141209:inception:1966734, author = {Snorre Fagerland and Waylon Grange}, title = {{The Inception Framework: Cloud-hosted APT}}, date = {2014-12-09}, institution = {Blue Coat}, url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/bcs_wp_InceptionReport_EN_v12914.pdf}, language = {English}, urldate = {2020-04-21} } The Inception Framework: Cloud-hosted APT
Inception Framework
2013-01-17 | Kaspersky Labs | GReAT
@online{great:20130117:red:77d6972, author = {GReAT}, title = {{“Red October” – Part Two, the Modules}}, date = {2013-01-17}, organization = {Kaspersky Labs}, url = {https://securelist.com/red-october-part-two-the-modules/57645}, language = {English}, urldate = {2022-08-25} } “Red October” – Part Two, the Modules
Inception Framework
2013-01-14 | Kaspersky Labs | GReAT
@online{great:20130114:red:ac55753, author = {GReAT}, title = {{"Red October" Diplomatic Cyber Attacks Investigation}}, date = {2013-01-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/red-october-diplomatic-cyber-attacks-investigation/36740/}, language = {English}, urldate = {2020-04-06} } "Red October" Diplomatic Cyber Attacks Investigation
Inception Framework
2013-01-14 | Kaspersky Labs | GReAT
@online{great:20130114:red:0e66739, author = {GReAT}, title = {{The “Red October” Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies}}, date = {2013-01-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-red-october-campaign/57647}, language = {English}, urldate = {2022-08-25} } The “Red October” Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
Inception Framework
2013-01-14 | Kaspersky Labs | GReAT
@online{great:20130114:red:a347681, author = {GReAT}, title = {{“Red October” Diplomatic Cyber Attacks Investigation}}, date = {2013-01-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/red-october-diplomatic-cyber-attacks-investigation/36740}, language = {English}, urldate = {2022-08-25} } “Red October” Diplomatic Cyber Attacks Investigation
Inception Framework

Credits: MISP Project