scanbox

Description

(Recorded Future) Scanbox is a reconnaissance framework that enables attackers to track visitors to compromised websites, performs keylogging, and harvests data that could be used to enable follow-on compromises. It has also been reported to have been modified in order to deliver secondary malware on targeted hosts. Written in Javascript and PHP, Scanbox deployment negates the need for malware to be downloaded onto the host device.

Names

Name
scanbox

Category

Malware

Type

• Reconnaissance
• Info stealer
• Keylogger
• Downloader

Information

• https://www.recordedfuture.com/scanbox-framework-campaign/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/js.scanbox

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:scanbox

Other Information

Uuid

a29fafb0-ef04-447f-b469-009204f6e356

Last Card Change

2020-04-23