Octopus

Description

(Kaspersky) The name was originally coined by ESET in 2017 after the 0ct0pus3.php script used by the actor on their old C2 servers.

In the case of Octopus, DustSquad used Delphi as their programming language of choice, which is unusual for such an actor.

In April 2018 we discovered a new Octopus sample pretending to be Telegram Messenger with a Russian interface. We couldn't find any legitimate software that this malware appears to be impersonating; in fact, we don't believe it exists. The Trojan uses third-party Delphi libraries like The Indy Project for JSON-based C2 communications and TurboPower Abbrevia (sourceforge.net/projects/tpabbrevia) for compression. Malware persistence is basic and achieved via the system registry. The server side uses commercial hosting in different countries with .php scripts deployed.

Names

Name
Octopus

Category

Malware

Type

  • Backdoor

Information

Mitre Attack

Malpedia

Other Information

Uuid

3d3bf55f-402e-4122-a52b-196aed8e6507

Last Card Change

2020-04-23