Octopus Scanner Malware

 1title: Octopus Scanner Malware
 2id: 805c55d9-31e6-4846-9878-c34c75054fe9
 3status: test
 4description: Detects Octopus Scanner Malware.
 5references:
 6    - https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
 7author: NVISO
 8date: 2020-06-09
 9modified: 2021-11-27
10tags:
11    - attack.t1195
12    - attack.t1195.001
13logsource:
14    product: windows
15    category: file_event
16detection:
17    selection:
18        TargetFilename|endswith:
19            - '\AppData\Local\Microsoft\Cache134.dat'
20            - '\AppData\Local\Microsoft\ExplorerSync.db'
21    condition: selection
22falsepositives:
23    - Unknown
24level: high

References

• The Octopus Scanner Malware: Attacking the open source supply chain

  

  This post details how an open source supply chain malware spread through build artifacts. 26 open source projects were backdoored by this malware and were actively serving backdoored code.

  
  Read More

Related rules

• Outdated Dependency Or Vulnerability Alert Disabled