Nomadic Octopus
Associated Group Descriptions
Name | Description |
---|---|
DustSquad | (Citation: Security Affairs DustSquad Oct 2018)(Citation: Securelist Octopus Oct 2018)(Citation: SecurityWeek Nomadic Octopus Oct 2018) |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | Nomadic Octopus has used PowerShell for execution.(Citation: ESET Nomadic Octopus 2018) |
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Nomadic Octopus used |
Enterprise | T1564.003 | Hide Artifacts: Hidden Window | Nomadic Octopus executed PowerShell in a hidden window.(Citation: ESET Nomadic Octopus 2018) |
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Nomadic Octopus has targeted victims with spearphishing emails containing malicious attachments.(Citation: Security Affairs DustSquad Oct 2018)(Citation: ESET Nomadic Octopus 2018) |
Enterprise | T1204.002 | User Execution: Malicious File | Nomadic Octopus has attempted to lure victims into clicking on malicious attachments within spearphishing emails.(Citation: Securelist Octopus Oct 2018)(Citation: ESET Nomadic Octopus 2018) |
Software
ID | Name | References | Techniques |
---|---|---|---|
S0340 | Octopus | (Citation: ESET Nomadic Octopus 2018) (Citation: Securelist Octopus Oct 2018) (Citation: Security Affairs DustSquad Oct 2018) | Data from Local System, System Owner/User Discovery, Standard Encoding, Exfiltration Over C2 Channel, Match Legitimate Name or Location, System Network Configuration Discovery, File and Directory Discovery, Exfiltration to Cloud Storage, System Information Discovery, Registry Run Keys / Startup Folder, Local Data Staging, Archive via Utility, Windows Management Instrumentation, Web Protocols, Spearphishing Attachment, Ingress Tool Transfer, Malicious File, Screen Capture |
References
- Paganini, P. (2018, October 16). Russia-linked APT group DustSquad targets diplomatic entities in Central Asia. Retrieved August 24, 2021.
- Kaspersky Lab's Global Research & Analysis Team. (2018, October 15). Octopus-infested seas of Central Asia. Retrieved November 14, 2018.
- Cherepanov, A. (2018, October 4). Nomadic Octopus Cyber espionage in Central Asia. Retrieved October 13, 2021.
- Kovacs, E. (2018, October 18). Russia-Linked Hackers Target Diplomatic Entities in Central Asia. Retrieved October 13, 2021.