BoxCaon

Malware updated 6 months ago (2024-05-05T10:17:41.881Z)
BoxCaon is a recently discovered malware variant attributed to the xCaon family on the basis of shared code and functionality. It is an updated backdoor that uses Dropbox, a legitimate cloud-storage service, as its command-and-control (C&C) server. The Dropbox-based variant, named BoxCaon, was found targeting Afghan government officials, while HTTP-based variants were observed targeting political entities in Central Asian countries, specifically Kyrgyzstan and Uzbekistan. The discovery of almost 30 related executables, each sharing varying degrees of similarity with the spools.exe BoxCaon backdoor, indicates widespread distribution.

BoxCaon is part of a larger cyber-espionage operation against governmental agencies in Central Asia. It operates alongside the Poison Ivy and xCaon backdoors, and its distinguishing feature is the use of Dropbox as C&C infrastructure. Once it has infiltrated a host, BoxCaon can steal confidential data, run arbitrary commands, and exfiltrate the results to the Dropbox folder, giving the threat actors effective control of compromised devices and access to sensitive information. BoxCaon's connection to the threat actor IndigoZebra is suggested by the similarities between this new malware and xCaon. Code similarities have also been identified between BoxCaon and a file named "Investigating China’s Crimes against Humanity.exe," implying a potential link to politically motivated cybercrime. BoxCaon therefore represents a significant threat because of its use of a legitimate service for malicious purposes and its focus on high-value governmental targets.
Description last updated: 2024-05-05T09:29:03.085Z
Aliases: none currently tracked.
Source Document References
Information about the BoxCaon malware was read from the document corpus below.