{"id":9541,"date":"2019-04-26T00:52:00","date_gmt":"2019-04-25T22:52:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=9541"},"modified":"2019-04-25T15:57:26","modified_gmt":"2019-04-25T13:57:26","slug":"source-code-of-carbanak-backdoor-discovered","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/04\/26\/source-code-of-carbanak-backdoor-discovered\/","title":{"rendered":"Source Code of CARBANAK backdoor discovered"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/04\/25\/quellcode-des-carbanak-banking-trojaner-entdeckt\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]The banking Trojan CARBANAK is well known for some malware attacks and digital raids in recent years. Now security researchers have discovered the source code on VirusTotal and <\/p>\n<p><!--more--><\/p>\n<p>A few days ago there was news that security researchers from FireEye had made an amazing discovery. The source code of the Carbanak backdoor was discovered on VirusTotal (see the following tweet by Catalin Cimpanu).  <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">FireEye researchers gained access to FIN7's Carbanak backdoor source code<a href=\"https:\/\/t.co\/VeUurCwCIB\">https:\/\/t.co\/VeUurCwCIB<\/a> <a href=\"https:\/\/t.co\/WN8DHKLQ8J\">pic.twitter.com\/WN8DHKLQ8J<\/a><\/p>\n<p>\u2014 Catalin Cimpanu (@campuscodi) <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1120424190572732424?ref_src=twsrc%5Etfw\">22. 
April 2019<\/a><\/p><\/blockquote>\n<p><span id=\"preserve74ee46a608cc45b88e2406c37a2a9d5a\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<h2>Some background information<\/h2>\n<p>Carbanak is one of the most comprehensive and dangerous malware families. It is also known as FIN7, Anunak or Cobalt. The malware is being developed by a group of cyber criminals. The group has been involved in several attacks on banks, financial institutions, hospitals and restaurants.<\/p>\n<h2>Source Code discovered for real <\/h2>\n<p>Last July there was a brief rumour that the source code of Carbanak had reached the public. But security researchers from Kaspersky Lab later confirmed that the source code found was not that of the Carbanak Trojan, as <a href=\"https:\/\/thehackernews.com\/2019\/04\/carbanak-malware-source-code.html\" target=\"_blank\" rel=\"noopener noreferrer\">The Hacker News writes here<\/a>. Now FireEye cyber security researchers have really discovered the Carbanak source code, its builder and some previously unseen plugins. These were uploaded two years ago from a Russian IP address to the VirusTotal malware scan engine in two RAR archives [<a href=\"https:\/\/www.virustotal.com\/gui\/file\/783b2eefdb90eb78cfda475073422ee86476aca65d67ff2c9cf6a6f9067ba5fa\/detection\" target=\"_blank\" rel=\"noopener noreferrer\">1<\/a>, <a href=\"https:\/\/www.virustotal.com\/gui\/file\/4116ec1eb75cf336a3fdde253c28f712668d0a325a74c41445c7fa87c4e9b7a5\/detection\" target=\"_blank\" rel=\"noopener noreferrer\">2<\/a>].<\/p>\n<p>FireEye's security researchers have now published corresponding information in the <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2019\/04\/carbanak-week-part-one-a-rare-occurrence.html\" target=\"_blank\" rel=\"noopener noreferrer\">FireEye blog<\/a>. Four blog posts reveal details of what they found out. 
For normal users this has no practical use, but for security researchers it is a gold mine. Let's see what else we can learn from it. Some summary information can also be found at <a href=\"https:\/\/thehackernews.com\/2019\/04\/carbanak-malware-source-code.html\" target=\"_blank\" rel=\"noopener noreferrer\">The Hacker News<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The banking Trojan CARBANAK is well known for some malware attacks and digital raids in recent years. Now security researchers have discovered the source code on VirusTotal and<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-9541","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/9541","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=9541"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/9541\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=9541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=9541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=9541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}