Carbanak/Anunak in the BlueCoat malware analysis appliance

From Botnets.fr

Botnet: Anunak (botnet), Qadars
Campaign: Anunak
Date: 2015 / 2015-02-18
Editor/Conference: BlueCoat
Link: https://www.bluecoat.com/security-blog/2015-02-18/carbanakanunak-bluecoat-malware-analysis-appliance
Author: Snorre Fagerland

Abstract

Kaspersky Labs recently published their report on “The Great Bank Robbery: the Carbanak APT” detailing the operations of a criminal gang targeting Russian banks and other targets elsewhere.

The name Carbanak comes from the juxtaposition of “Carberp” – a banking malware which has been around for a few years – and “Anunak” which is the name the attackers themselves gave the new incarnation of this malware.

Carbanak is not entirely unknown to the Infosec community. The Dutch security company Fox-IT, in cooperation with the Russian threat intelligence company Group-IB, published a report on what appears to be the exact same Anunak complex just before Christmas 2014, which may have led to the paper not being noticed as much as it should have. However, this is a fairly large attack complex which deserves a bit of examination.

Bibtex

 @misc{Fagerland2015BFR4724,
   editor = {BlueCoat},
   author = {Snorre Fagerland},
   title = {Carbanak/Anunak in the BlueCoat malware analysis appliance},
   day = {18},
   month = Feb,
   year = {2015},
   howpublished = {\url{https://www.bluecoat.com/security-blog/2015-02-18/carbanakanunak-bluecoat-malware-analysis-appliance}},
 }