Register to stream ATT&CKcon 2.0 October 29-30


Octopus is a Windows Trojan.[1]

ID: S0340
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1132 Data Encoding Octopus encodes C2 communications in Base64. [1]
Enterprise T1083 File and Directory Discovery Octopus collects information on the Windows directory and searches for compressed RAR files on the host. [1]
Enterprise T1105 Remote File Copy Octopus can upload and download files to and from the victim’s machine.[ [1]
Enterprise T1113 Screen Capture Octopus can capture screenshots of the victims’ machine. [1]
Enterprise T1071 Standard Application Layer Protocol Octopus uses HTTP for C2 communications. [1]
Enterprise T1082 System Information Discovery Octopus collects system drive information, the computer name, and the size of the disk. [1]
Enterprise T1016 System Network Configuration Discovery Octopus collects the host IP address from the victim’s machine. [1]
Enterprise T1033 System Owner/User Discovery Octopus collects the username from the victim’s machine. [1]
Enterprise T1047 Windows Management Instrumentation Octopus uses wmic.exe for local discovery information. [1]