
Inception Framework

APT Group | Information theft and espionage | 2 zero-day CVEs | ETDA ✓

Also Known As 6 names

ATK116, Blue Odin, Clean Ursa, Cloud Atlas, G0100, OXYGEN

Target Countries 49


Afghanistan, Armenia, Austria, Azerbaijan, Belgium, Brazil, Belarus, Congo, Switzerland, China, Cyprus, Germany, France, Georgia, Greece, Indonesia, India, Islamic Republic of Iran, Italy, Jordan, Kenya, Kyrgyzstan, Kazakhstan, Lebanon, Lithuania, Morocco, Republic of Moldova, Malaysia, Mozambique, Oman, Pakistan, Portugal, Paraguay, Qatar, Romania, Saudi Arabia, Slovenia, Suriname, Tajikistan, Turkmenistan, Turkey, United Republic of Tanzania, Ukraine, Uganda, United States, Uzbekistan, Bolivarian Republic of Venezuela, Vietnam, South Africa

Sectors Targeted

Engineering, Defense, Embassies, Research, Oil and gas, Aerospace, Energy, National Security and International Affairs (9281), Government, Financial

Details

Origin 🇷🇺 RU
Last Updated 01 Jun 2022

Malware Families 2

SparkKitty
SparkCat

MITRE ATT&CK 80

T1001 - Data Obfuscation
T1003.001 - LSASS Memory
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004 - Masquerade Task or Service
T1036.005 - Match Legitimate Name or Location
T1041 - Exfiltration Over C2 Channel
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005 - Visual Basic
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1090 - Proxy
T1090.001 - Internal Proxy
T1102 - Web Service
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1112 - Modify Registry
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1157 - Dylib Hijacking
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.002 - Malicious File
T1218 - Signed Binary Proxy Execution
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1518.001 - Security Software Discovery
T1526 - Cloud Service Discovery
T1530 - Data from Cloud Storage Object
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1552.001 - Credentials In Files
T1553.002 - Code Signing
T1553.005 - Mark-of-the-Web Bypass
T1555.003 - Credentials from Web Browsers
T1559 - Inter-Process Communication
T1560 - Archive Collected Data
T1564 - Hide Artifacts
T1565.001 - Stored Data Manipulation
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1569 - System Services
T1573.001 - Symmetric Cryptography
T1574 - Hijack Execution Flow
T1583 - Acquire Infrastructure
T1584 - Compromise Infrastructure
T1584.001 - Domains
T1585 - Establish Accounts
T1586 - Compromise Accounts
T1586.002 - Email Accounts
T1587 - Develop Capabilities
T1587.001 - Malware
T1588 - Obtain Capabilities
T1588.001 - Malware
T1589 - Gather Victim Identity Information
T1589.002 - Email Addresses
T1608 - Stage Capabilities