Carbanak/Anunak in the BlueCoat malware analysis appliance
(Publication)
Carbanak/Anunak in the BlueCoat malware analysis appliance | |
---|---|
Botnet | Anunak (botnet), Qadars |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | Anunak |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2015 / 2015-02-18 |
Editor/Conference | BlueCoat |
Link | https://www.bluecoat.com/security-blog/2015-02-18/carbanakanunak-bluecoat-malware-analysis-appliance (Archive copy) |
Author | Snorre Fagerland |
Type | |
Abstract
“Kaspersky Labs recently published their report on “The Great Bank Robbery: the Carbanak APT” detailing the operations of a criminal gang targeting Russian banks and other targets elsewhere.
The name Carbanak comes from the juxtaposition of “Carberp” – a banking malware which has been around for a few years – and “Anunak” which is the name the attackers themselves gave the new incarnation of this malware.
Carbanak is not entirely unknown for the Infosec community. The Dutch security company Fox-IT, in cooperation with the Russian threat intelligence company Group-IB, published a report on what appears to be the exact same Anunak complex just before Christmas 2014, which may have led to the paper not being noticed as much as it should have. However, this is a fairly large attack complex which deserves a bit of examination.”
Bibtex
@misc{2015BFR4724,
  editor = {BlueCoat},
  author = {Snorre Fagerland},
  title = {Carbanak/Anunak in the BlueCoat malware analysis appliance},
  date = {18},
  month = Feb,
  year = {2015},
  howpublished = {\url{https://www.bluecoat.com/security-blog/2015-02-18/carbanakanunak-bluecoat-malware-analysis-appliance}},
}