Malware
AcidBox
aka MagicScroll
Unit42 found AcidBox in February 2019 and describes it as a malware family used by an unknown threat actor in 2017 against Russian entities, as stated by Dr.Web.
AcidBox, also known as MagicScroll, is a Windows malware family.
Background
Unit42 discovered AcidBox in February 2019 and, citing Dr.Web, attributes its 2017 use to an unidentified threat actor that deployed it against Russian targets. The malware took a VirtualBox exploit previously leveraged by Turla and enhanced it. AcidBox is built as a modular toolkit that combines usermode and kernelmode components and incorporates anti-analysis measures including stack-based string obfuscation and dynamically XOR-encoded API resolution.
Source: Malpedia (Fraunhofer FKIE).