Currently viewing ATT&CK v8.2 which was live between October 27, 2020 and April 28, 2021. Learn more about the versioning system or see the live site.
SOFTWARE
Aria-body
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. Octopus

Octopus

Octopus is a Windows Trojan.[1]

ID: S0340
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 30 January 2019
Last Modified: 20 March 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Octopus uses HTTP for C2 communications.[1]
Enterprise T1132 .001 Data Encoding: Standard Encoding

Octopus encodes C2 communications in Base64.[1]
Enterprise T1083 File and Directory Discovery

Octopus collects information on the Windows directory and searches for compressed RAR files on the host.[1]
Enterprise T1105 Ingress Tool Transfer

Octopus can upload and download files to and from the victim’s machine.[1]
Enterprise T1113 Screen Capture

Octopus can capture screenshots of the victims’ machine.[1]
Enterprise T1082 System Information Discovery

Octopus collects system drive information, the computer name, and the size of the disk.[1]
Enterprise T1016 System Network Configuration Discovery

Octopus collects the host IP address from the victim’s machine.[1]
Enterprise T1033 System Owner/User Discovery

Octopus collects the username from the victim’s machine.[1]
Enterprise T1047 Windows Management Instrumentation

Octopus uses wmic.exe for local discovery information.[1]

References

  1. Kaspersky Lab's Global Research & Analysis Team. (2018, October 15). Octopus-infested seas of Central Asia. Retrieved November 14, 2018.