image credits: csis.dk









Still Active & Alive









Carbanak Aims at Financial Gains

“We speculate that the main purpose of this company is to receive money from fraudulent transactions. As stated in the Kaspersky report, Carbanak-related transfers are rather huge. Possibly, they have registered a company and opened bank accounts in order to receive their stolen money while having full control of the transferring process,”

The experts noticed that the binaries used by the recently discovered Carbanak instance are similar to the previous versions, apart from a number of improvements. The new binaries use mutexes and random files, and communication with the C&C server relies on a proprietary protocol.



At least four different new variants of Carbanak were identified, targeting key financial personnel in large international corporations.

Carbanak malware signed by Comodo!


Its code is signed with a digital certificate issued by Comodo to a Russia-based wholesale company.



One of the new samples analyzed by the researchers was communicating with a C&C server hosted by a bulletproof hosting company.



CSIS reported the following list of differences between these new variants and the previously observed Carbanak:

– new geographical targets

– a new proprietary protocol

– the use of random files (i.e. the main component is static) and mutexes

– a predefined IP address (previous variants were using domains)

The experts at CSIS describe the Carbanak gang as a financial APT because of the targeted attacks it carried out.
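
A C&C address that is predefined as an IP, as in the list of differences above, is reached without any DNS lookup, and that absence is something a defender can hunt for. The Python below is an added example, not code from CSIS or from the original article; the log field names, host names, process names and addresses are constructed (documentation IP ranges, not Carbanak indicators), and the internal ranges and one-hour lookback window are assumptions.

```python
"""Hunt for outbound connections to external IPs the host never resolved via DNS."""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: address space treated as internal and ignored by the hunt.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_direct_ip_connections(dns_events, conn_events, window=timedelta(hours=1)):
    """Return connections to external IPs for which the same host saw no DNS
    answer containing that IP within `window` before the connection."""
    resolved = {}  # (host, ip) -> times at which the host resolved that ip
    for ev in dns_events:
        resolved.setdefault((ev["host"], ev["answer"]), []).append(ev["time"])
    hits = []
    for conn in conn_events:
        if is_internal(conn["dst_ip"]):
            continue
        seen = resolved.get((conn["host"], conn["dst_ip"]), [])
        if not any(timedelta(0) <= conn["time"] - s <= window for s in seen):
            hits.append(conn)
    return hits

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

# Constructed sample telemetry: hypothetical hosts/processes, documentation IPs.
DNS_EVENTS = [
    {"time": ts("2015-09-01 09:00:01"), "host": "fin-ws01", "query": "mail.example.com", "answer": "198.51.100.10"},
    {"time": ts("2015-09-01 06:00:00"), "host": "fin-ws02", "query": "cdn.example.net", "answer": "203.0.113.7"},
]
CONN_EVENTS = [
    {"time": ts("2015-09-01 09:00:02"), "host": "fin-ws01", "process": "outlook.exe", "dst_ip": "198.51.100.10", "dst_port": 443},
    {"time": ts("2015-09-01 09:05:00"), "host": "fin-ws01", "process": "svchost.exe", "dst_ip": "192.0.2.44", "dst_port": 443},
    {"time": ts("2015-09-01 09:06:00"), "host": "fin-ws01", "process": "explorer.exe", "dst_ip": "10.1.2.3", "dst_port": 445},
    {"time": ts("2015-09-01 09:10:00"), "host": "fin-ws02", "process": "updater.exe", "dst_ip": "203.0.113.7", "dst_port": 80},
    {"time": ts("2015-09-01 09:11:00"), "host": "fin-ws02", "process": "outlook.exe", "dst_ip": "198.51.100.10", "dst_port": 443},
]

if __name__ == "__main__":
    for c in find_direct_ip_connections(DNS_EVENTS, CONN_EVENTS):
        print(f'{c["time"]} {c["host"]} {c["process"]} -> {c["dst_ip"]}:{c["dst_port"]}')
```

A hit is a lead for triage rather than a verdict: long DNS cache lifetimes and software that legitimately ships with fixed addresses also produce connections with no recent lookup, so the window and an allowlist need tuning per environment.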



Source: https://www.csis.dk/en/csis/blog/4710/



The new Carbanak trojan relies on predefined IP addresses instead of domains in order to improve its evasion capability.