Octopus

Octopus is a Windows Trojan.[1]

ID: S0340
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1132Data EncodingOctopus encodes C2 communications in Base64.[1]
EnterpriseT1083File and Directory DiscoveryOctopus collects information on the Windows directory and searches for compressed RAR files on the host.[1]
EnterpriseT1105Remote File CopyOctopus can upload and download files to and from the victim’s machine.[[1]
EnterpriseT1113Screen CaptureOctopus can capture screenshots of the victims’ machine.[1]
EnterpriseT1071Standard Application Layer ProtocolOctopus uses HTTP for C2 communications.[1]
EnterpriseT1082System Information DiscoveryOctopus collects system drive information, the computer name, and the size of the disk.[1]
EnterpriseT1016System Network Configuration DiscoveryOctopus collects the host IP address from the victim’s machine.[1]
EnterpriseT1033System Owner/User DiscoveryOctopus collects the username from the victim’s machine.[1]
EnterpriseT1047Windows Management InstrumentationOctopus uses wmic.exe for local discovery information.[1]

References