Malware: BoxCaon

Description

[BoxCaon](https://attack.mitre.org/software/S0651) is a Windows backdoor that was used by [IndigoZebra](https://attack.mitre.org/groups/G0136) in a 2021 spearphishing campaign against Afghan government officials. [BoxCaon](https://attack.mitre.org/software/S0651)'s name stems from similarities shared with the malware family [xCaon](https://attack.mitre.org/software/S0653).(Citation: Checkpoint IndigoZebra July 2021)

External References

• mitre-attack
• Checkpoint IndigoZebra July 2021
• HackerNews IndigoZebra July 2021

Techniques Used by This Malware

• T1005 — Data from Local System
• T1016 — System Network Configuration Discovery
• T1027 — Obfuscated Files or Information
• T1041 — Exfiltration Over C2 Channel
• T1059.003 — Windows Command Shell
• T1074.001 — Local Data Staging
• T1083 — File and Directory Discovery
• T1102.002 — Bidirectional Communication
• T1105 — Ingress Tool Transfer
• T1106 — Native API
• T1547 — Boot or Logon Autostart Execution
• T1567.002 — Exfiltration to Cloud Storage

APT Groups Using This Malware

• IndigoZebra