title: Octopus Scanner Malware
id: 805c55d9-31e6-4846-9878-c34c75054fe9
status: experimental
description: Detects Octopus Scanner Malware.
references:
    - https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
tags:
    - attack.t1195
    - attack.t1195.001
author: NVISO
date: 2020/06/09
logsource:
    product: windows
    category: file_event
detection:
    selection:
        TargetFilename|endswith:
            - '\AppData\Local\Microsoft\Cache134.dat'
            - '\AppData\Local\Microsoft\ExplorerSync.db'
    condition: selection
falsepositives:
    - Unknown
level: high