Octopus

Octopus is a Windows Trojan.[1]

ID: S0340
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1132 Data Encoding

Octopus encodes C2 communications in Base64.[1]

Enterprise T1083 File and Directory Discovery

Octopus collects information on the Windows directory and searches for compressed RAR files on the host.[1]

Enterprise T1105 Remote File Copy

Octopus can upload and download files to and from the victim’s machine.[1]

Enterprise T1113 Screen Capture

Octopus can capture screenshots of the victim’s machine.[1]

Enterprise T1071 Standard Application Layer Protocol

Octopus uses HTTP for C2 communications.[1]

Enterprise T1082 System Information Discovery

Octopus collects system drive information, the computer name, and the size of the disk.[1]

Enterprise T1016 System Network Configuration Discovery

Octopus collects the host IP address from the victim’s machine.[1]

Enterprise T1033 System Owner/User Discovery

Octopus collects the username from the victim’s machine.[1]

Enterprise T1047 Windows Management Instrumentation

Octopus uses wmic.exe to gather local discovery information.[1]

References