Malware: Octopus

Description

[Octopus](https://attack.mitre.org/software/S0340) is a Windows Trojan written in the Delphi programming language that has been used by [Nomadic Octopus](https://attack.mitre.org/groups/G0133) to target government organizations in Central Asia since at least 2014.(Citation: Securelist Octopus Oct 2018)(Citation: Security Affairs DustSquad Oct 2018)(Citation: ESET Nomadic Octopus 2018)

External References

• mitre-attack
• ESET Nomadic Octopus 2018
• Securelist Octopus Oct 2018
• Security Affairs DustSquad Oct 2018

Techniques Used by This Malware

• T1005 — Data from Local System
• T1016 — System Network Configuration Discovery
• T1033 — System Owner/User Discovery
• T1036.005 — Match Legitimate Resource Name or Location
• T1041 — Exfiltration Over C2 Channel
• T1047 — Windows Management Instrumentation
• T1071.001 — Web Protocols
• T1074.001 — Local Data Staging
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1113 — Screen Capture
• T1132.001 — Standard Encoding
• T1204.002 — Malicious File
• T1547.001 — Registry Run Keys / Startup Folder
• T1560.001 — Archive via Utility
• T1566.001 — Spearphishing Attachment
• T1567.002 — Exfiltration to Cloud Storage

APT Groups Using This Malware

• Nomadic Octopus