title: Octopus Scanner Malware
author: NVISO
date: 2020/06/09
description: Detects Octopus Scanner Malware.
detection:
  SELECTION_1:
    EventID: 11
  SELECTION_2:
    TargetFilename:
    - '*\AppData\Local\Microsoft\Cache134.dat'
    - '*\AppData\Local\Microsoft\ExplorerSync.db'
  condition: (SELECTION_1 and SELECTION_2)
falsepositives:
- Unknown
id: 805c55d9-31e6-4846-9878-c34c75054fe9
level: high
logsource:
  category: file_event
  product: windows
references:
- https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
status: experimental
tags:
- attack.t1195
- attack.t1195.001
ruletype: SIGMA