Octopus Scanner Malware

Detects Octopus Scanner Malware.

Sigma rule

title: Octopus Scanner Malware
id: 805c55d9-31e6-4846-9878-c34c75054fe9
status: test
description: Detects Octopus Scanner Malware.
references:
    - https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
author: NVISO
date: 2020/06/09
modified: 2021/11/27
tags:
    - attack.t1195
    - attack.t1195.001
logsource:
    product: windows
    category: file_event
detection:
    selection:
        TargetFilename|endswith:
            - '\AppData\Local\Microsoft\Cache134.dat'
            - '\AppData\Local\Microsoft\ExplorerSync.db'
    condition: selection
falsepositives:
    - Unknown
level: high
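To show how the rule's `endswith` selection behaves on real-looking telemetry, here is an added Python example (not the rule's own code, nor SigmaHQ's or pySigma's) that evaluates the detection block against a few constructed Sysmon-style file-create records; every event, path and process name in it is made up, and it assumes Sigma's default case-insensitive string matching.

```python
# Added example (not SigmaHQ's or pySigma's code): evaluate this rule's
# `selection` (copied below as RULE_DETECTION) against constructed events.

RULE_DETECTION = {
    "selection": {
        "TargetFilename|endswith": [
            r"\AppData\Local\Microsoft\Cache134.dat",
            r"\AppData\Local\Microsoft\ExplorerSync.db",
        ]
    },
    "condition": "selection",
}

# Constructed sample events in Sysmon file-create (Event ID 11) shape; only
# TargetFilename is consulted by this rule. Image values are made up.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files\Java\bin\java.exe",
     "TargetFilename": r"C:\Users\dev\AppData\Local\Microsoft\Cache134.dat"},
    {"EventID": 11, "Image": r"C:\Program Files\Java\bin\java.exe",
     "TargetFilename": r"C:\Users\dev\appdata\local\microsoft\explorersync.db"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\dev\AppData\Local\Microsoft\Windows\WebCache\V01.log"},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Users\dev\AppData\Local\Microsoft\Cache134.dat.tmp"},
]

def field_matches(event, key, values):
    """One Sigma field/modifier pair. Only `endswith` is implemented, as it is
    the only modifier this rule uses. Sigma string matching is case-insensitive
    by default, hence the lower-casing of both sides."""
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    if modifier != "endswith":
        raise NotImplementedError(f"modifier {modifier!r} not handled here")
    haystack = str(actual).lower()
    return any(haystack.endswith(v.lower()) for v in values)  # list == OR

def selection_matches(event, selection):
    # Several fields inside one selection are ANDed together.
    return all(field_matches(event, k, v if isinstance(v, list) else [v])
               for k, v in selection.items())

def evaluate(events, detection=RULE_DETECTION):
    """Return the events that fire this rule (its condition is just `selection`)."""
    return [e for e in events if selection_matches(e, detection["selection"])]

if __name__ == "__main__":
    print([h["TargetFilename"] for h in evaluate(SAMPLE_EVENTS)])
```

Note that the fourth sample (`Cache134.dat.tmp`) does not fire: `endswith` is a strict suffix match, so a temporary-file rename pattern would need its own rule or a broader modifier.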
