Malware: xCaon

Description

[xCaon](https://attack.mitre.org/software/S0653) is an HTTP variant of the [BoxCaon](https://attack.mitre.org/software/S0651) malware family that has used by [IndigoZebra](https://attack.mitre.org/groups/G0136) since at least 2014. [xCaon](https://attack.mitre.org/software/S0653) has been used to target political entities in Central Asia, including Kyrgyzstan and Uzbekistan.(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist APT Trends Q2 2017)

External References

• mitre-attack
• Checkpoint IndigoZebra July 2021
• Securelist APT Trends Q2 2017

Techniques Used by This Malware

• T1005 — Data from Local System
• T1016 — System Network Configuration Discovery
• T1059.003 — Windows Command Shell
• T1071.001 — Web Protocols
• T1105 — Ingress Tool Transfer
• T1106 — Native API
• T1132.001 — Standard Encoding
• T1140 — Deobfuscate/Decode Files or Information
• T1518.001 — Security Software Discovery
• T1547 — Boot or Logon Autostart Execution
• T1573.001 — Symmetric Cryptography

APT Groups Using This Malware

• IndigoZebra