Carbanak is a threat group that mainly targets banks. It also refers to malware of the same name (Carbanak). It is sometimes referred to as FIN7, but these appear to be two groups using the same Carbanak malware and are therefore tracked separately.  
Associated Group Descriptions
|Enterprise||T1543||.003||Create or Modify System Process: Windows Service|
|Enterprise||T1562||.004||Impair Defenses: Disable or Modify System Firewall|
|Enterprise||T1036||.005||Masquerading: Match Legitimate Name or Location|
|.004||Masquerading: Masquerade Task or Service|
|Enterprise||T1219||Remote Access Software|
|Enterprise||T1218||.011||Signed Binary Proxy Execution: Rundll32|
|Enterprise||T1102||.002||Web Service: Bidirectional Communication|
- Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved August 23, 2018.
- Carr, N., et al. (2017, April 24). FIN7 Evolution and the Phishing LNK. Retrieved April 24, 2017.
- Prins, R. (2015, February 16). Anunak (aka Carbanak) Update. Retrieved January 20, 2017.
- Johnston, R. (2016, May 16). State of the Criminal Address. Retrieved December 7, 2017.
- Group-IB and Fox-IT. (2014, December). Anunak: APT against financial institutions. Retrieved April 20, 2016.
- Griffin, N. (2017, January 17). CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL. Retrieved February 15, 2017.