Inception

Description

(Symantec) Word documents attached to Inception’s spear-phishing emails exploited two Microsoft Office vulnerabilities (CVE-2014-1761 and CVE-2012-0158) to install malware on the recipient’s computer. The malware had a multi-staged structure that began with a malicious RTF document and ended with an in-memory DLL payload that communicated, via the WebDAV protocol, with a command and control (C&C) address hosted on a legitimate cloud service provider (CloudMe.com). The name “Inception” refers to the many levels of obfuscation and indirection the group employed in delivering this payload.

Names

Name

Inception

Category

Malware

Type

  • Backdoor

Information

Other Information

Uuid

639ea4a1-7345-4e52-88b8-cc1cdb73ef2b

Last Card Change

2020-04-20