Octopus Scanner Malware

 1title: Octopus Scanner Malware
 2id: 805c55d9-31e6-4846-9878-c34c75054fe9
 3status: test
 4description: Detects Octopus Scanner Malware.
 5references:
 6    - https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
 7author: NVISO
 8date: 2020-06-09
 9modified: 2021-11-27
10tags:
11    - attack.initial-access
12    - attack.t1195
13    - attack.t1195.001
14logsource:
15    product: windows
16    category: file_event
17detection:
18    selection:
19        TargetFilename|endswith:
20            - '\AppData\Local\Microsoft\Cache134.dat'
21            - '\AppData\Local\Microsoft\ExplorerSync.db'
22    condition: selection
23falsepositives:
24    - Unknown
25level: high

References

• Redirecting…

  Redirecting… Click here if you are not redirected.

  
  Read More

Related rules

• Outdated Dependency Or Vulnerability Alert Disabled
• DNS Query Request By QuickAssist.EXE
• F5 BIG-IP iControl Rest API Command Execution - Webserver
• OpenCanary - FTP Login Attempt
• Potential Malicious Usage of CloudTrail System Manager