Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:18:08 UTC
Home > List all groups > List all tools > List all groups using tool Inception
 Tool: Inception
Names Inception
Category Malware
Type Backdoor
Description
(Symantec) Word documents attached to Inception’s spear-phishing emails leveraged two
Microsoft Office vulnerabilities (CVE-2014-1761 and CVE-2012-0158) to install malware on
the recipient’s computer. The malware had a multi-staged structure that began with a malicious
RTF document and ended with an in-memory DLL payload that communicated, via the
WebDAV protocol, with a command and control (C&C) address from a legitimate cloud
service provider (CloudMe.com). The name “Inception” comes from the group’s many levels
of obfuscation and indirection it employed in delivering this payload.
Information
<https://symantec-blogs.broadcom.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies>
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
All groups using tool Inception
Changed Name Country Observed
APT groups
  Inception Framework, Cloud Atlas 2012-2024  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=639ea4a1-7345-4e52-88b8-cc1cdb73ef2b
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=639ea4a1-7345-4e52-88b8-cc1cdb73ef2b
Page 1 of 1