Carbanak/Anunak in the BlueCoat malware analysis appliance

Revision as of 19:14, 20 August 2015 by Eric.freyssinet


Carbanak/Anunak in the BlueCoat malware analysis appliance
Botnet Anunak (botnet), Qadars
Botnet/malware group
Exploit kits
Distribution vector
Campaign Anunak
Operation/Working group
Date 2015 / 2015-02-18
Editor/Conference BlueCoat
Link (Archive copy)
Author Snorre Fagerland


Kaspersky Labs recently published their report on “The Great Bank Robbery: the Carbanak APT” detailing the operations of a criminal gang targeting Russian banks and other targets elsewhere.

The name Carbanak comes from the juxtaposition of “Carberp” – a banking malware which has been around for a few years – and “Anunak” which is the name the attackers themselves gave the new incarnation of this malware.

Carbanak is not entirely unknown to the Infosec community. The Dutch security company Fox-IT, in cooperation with the Russian threat intelligence company Group-IB, published a report on what appears to be the exact same Anunak complex just before Christmas 2014, which may have led to the paper not being noticed as much as it should have. However, this is a fairly large attack complex which deserves a bit of examination.


   editor = {BlueCoat},
   author = {Snorre Fagerland},
   title = {Carbanak/Anunak in the BlueCoat malware analysis appliance},
   date = {18},
   month = Feb,
   year = {2015},
   howpublished = {\url{}},