Nomadic Octopus is a Russian-speaking cyberespionage threat group that has primarily targeted Central Asia, including local governments, diplomatic missions, and individuals, since at least 2014. Nomadic Octopus has been observed conducting campaigns involving Android and Windows malware, mainly using the Delphi programming language, and building custom variants.
|Enterprise||T1059||.001||Command and Scripting Interpreter: PowerShell|
|.003||Command and Scripting Interpreter: Windows Command Shell|
|Enterprise||T1564||.003||Hide Artifacts: Hidden Window|
|Enterprise||T1105||Ingress Tool Transfer|
|Enterprise||T1566||.001||Phishing: Spearphishing Attachment|
|Enterprise||T1204||.002||User Execution: Malicious File|
|S0340||Octopus||||Application Layer Protocol: Web Protocols, Archive Collected Data: Archive via Utility, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, Data Encoding: Standard Encoding, Data from Local System, Data Staged: Local Data Staging, Exfiltration Over C2 Channel, Exfiltration Over Web Service: Exfiltration to Cloud Storage, File and Directory Discovery, Ingress Tool Transfer, Masquerading: Match Legitimate Name or Location, Phishing: Spearphishing Attachment, Screen Capture, System Information Discovery, System Network Configuration Discovery, System Owner/User Discovery, User Execution: Malicious File, Windows Management Instrumentation|