Group: Carbanak, Anunak

From ATT&CK
Jump to: navigation, search
Carbanak, Anunak
Group
ID G0008
Aliases Carbanak, Anunak

Carbanak is a threat group that mainly targets banks. It also refers to malware of the same name (Carbanak).1

Alias Descriptions

  • Anunak - 2

Techniques Used

  • Legitimate Credentials - Carbanak actors used legitimate credentials of banking employees to perform operations that sent them millions of dollars.1
  • New Service - Carbanak malware installs itself as a service to provide persistence and SYSTEM privileges.1
  • Rundll32 - Carbanak installs VNC server software that executes through rundll32.1
  • Masquerading - Carbanak malware names itself "svchost.exe," which is the name of the Windows shared service host program.1
  • Web Service - Carbanak has used a VBScript named "ggldr" that uses Google Apps Script, Sheets, and Forms services for C2.4

Software