Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:34:53 UTC
Home > List all groups > List all tools > List all groups using tool Boostwrite
 Tool: Boostwrite
Names Boostwrite
Category Malware
Type Dropper
Description
(FireEye) An in-memory-only dropper that decrypts embedded payloads using an
encryption key retrieved from a remote server at runtime. FIN7 has been observed
making small changes to this malware family using multiple methods to avoid
traditional antivirus detection, including a BOOSTWRITE sample where the dropper
was signed by a valid Certificate Authority. One of the analyzed BOOSTWRITE
variants contained two payloads: Carbanak and RDFSNIFFER.
Information
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 22 April 2020
Download this tool card in JSON format
All groups using tool Boostwrite
Changed Name Country Observed
APT groups
 Carbanak, Anunak 2013-Apr 2023
 FIN7 2013-Jul 2024
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2df5d2a9-b01b-46ff-b2e1-d1c332db8479
Page 1 of 2

2 groups listed (2 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2df5d2a9-b01b-46ff-b2e1-d1c332db8479
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2df5d2a9-b01b-46ff-b2e1-d1c332db8479
Page 2 of 2

APT groups Carbanak, Anunak  2013-Apr 2023
FIN7  2013-Jul 2024
 Page 1 of 2