# KOCTOPUS > Tipo: **malware** · S0669 · [MITRE ATT&CK](https://attack.mitre.org/software/S0669) ## Descrição A variante batch do [[koctopus|KOCTOPUS]] é um loader utilizado pelo [[g0140-lazyscripter|LazyScripter]] desde 2018 para iniciar o [[s0340-octopus|Octopus]] e o [[s0250-koadic|Koadic]] e, em alguns casos, o [[s0262-quasarrat|QuasarRAT]]. O [[koctopus|KOCTOPUS]] também possui uma variante VBA com a mesma funcionalidade da versão batch. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1566-001-spearphishing-attachment|T1566.001 - Spearphishing Attachment]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1204-002-malicious-file|T1204.002 - Malicious File]] - [[t1090-proxy|T1090 - Proxy]] - [[t1112-modify-registry|T1112 - Modify Registry]] - [[t1566-002-spearphishing-link|T1566.002 - Spearphishing Link]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1564-003-hidden-window|T1564.003 - Hidden Window]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1562-001-disable-or-modify-tools|T1562.001 - Disable or Modify Tools]] - [[t1204-001-malicious-link|T1204.001 - Malicious Link]] - [[t1070-009-clear-persistence|T1070.009 - Clear Persistence]] - [[t1036-005-match-legitimate-resource-name-or-location|T1036.005 - Match Legitimaté Resource Name or Location]] - [[t1106-native-api|T1106 - Native API]] ## Grupos que Usam - [[g0140-lazyscripter|LazyScripter]] ## Referências - [MITRE ATT&CK - S0669](https://attack.mitre.org/software/S0669)