# BoxCaon > Tipo: **malware** · S0651 · [MITRE ATT&CK](https://attack.mitre.org/software/S0651) ## Descrição [[s0651-boxcaon|BoxCaon]] é um backdoor Windows utilizado pelo [[g0136-indigozebra|IndigoZebra]] em uma campanha de spearphishing de 2021 contra funcionários do governo afegão. O nome [[s0651-boxcaon|BoxCaon]] deriva das semelhanças compartilhadas com a família de malware [[s0653-xcaon|xCaon]]. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1102-002-bidirectional-communication|T1102.002 - Bidirectional Commúnication]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1106-native-api|T1106 - Native API]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1041-exfiltration-over-c2-channel|T1041 - Exfiltration Over C2 Channel]] - [[t1547-boot-or-logon-autostart-execution|T1547 - Boot or Logon Autostart Execution]] - [[t1567-002-exfiltration-to-cloud-storage|T1567.002 - Exfiltration to Cloud Storage]] - [[t1027-obfuscated-files-or-information|T1027 - Obfuscated Files or Information]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1074-001-local-data-staging|T1074.001 - Local Data Staging]] ## Grupos que Usam - [[g0136-indigozebra|IndigoZebra]] ## Referências - [MITRE ATT&CK - S0651](https://attack.mitre.org/software/S0651)