Anunak

Threat Actor updated 6 months ago (2024-05-04T20:51:24.421Z)
Anunak, also known as Carbanak or FIN7, is a prominent threat actor in the cybercrime landscape. The group emerged around 2013 and specializes in financial theft, primarily targeting Eastern European banks, U.S. and European point-of-sale systems, and other entities. The name "Carbanak" was coined by Kaspersky, though the malware authors themselves refer to the backdoor as Anunak. The group has been known to work closely with other malicious entities such as Evil Corp and TA505, demonstrating a high level of coordination and shared objectives within the cybercriminal community.

The group's modus operandi involves sophisticated spear-phishing emails aimed at deploying the Anunak backdoor for financial gain and data theft. In one notable attack, they targeted a major multinational car maker with carefully crafted phishing emails. The initial payload started a multi-stage execution chain that ended with the loading and decryption of a file named 'dmxl.bin', which contained the final payload, the Anunak (Carbanak) backdoor.

The Anunak group uses living-off-the-land binaries, scripts, and libraries (LOLBAS) to infect systems and maintain persistence. It has also used lures such as a free IP-scanning tool to gain an initial foothold: once employees are tricked into opening the link, the actor deploys its Anunak backdoor and gains access to the network. Despite changes in its composition over time, the Anunak group continues to pose a significant threat because of its versatile backdoor capabilities and persistent attack methodologies.
Description last updated: 2024-05-04T19:37:15.019Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be worth looking at.
Alias: Carbanak (Votes: 3)
Description: Carbanak is a possible alias for Anunak. Carbanak is a notorious malware developed by the cybercrime collective known as FIN7, also referred to as Carbon Spider, Cobalt Group, and Navigator Group. The group, which has been active since 2012, is of Russian origin and has been particularly focused on exploiting the restaurant, gambling, and

Alias: FIN7 (Votes: 2)
Description: FIN7 is a possible alias for Anunak. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Payload