Description
[Carbanak](https://attack.mitre.org/groups/G0008) is a cybercriminal group that has used [Carbanak](https://attack.mitre.org/software/S0030) malware to target financial institutions since at least 2013. [Carbanak](https://attack.mitre.org/groups/G0008) may be linked to groups tracked separately as [Cobalt Group](https://attack.mitre.org/groups/G0080) and [FIN7](https://attack.mitre.org/groups/G0046) that have also used [Carbanak](https://attack.mitre.org/software/S0030) malware. (Citation: Kaspersky Carbanak) (Citation: FireEye FIN7 April 2017) (Citation: Europol Cobalt Mar 2018) (Citation: Secureworks GOLD NIAGARA Threat Profile) (Citation: Secureworks GOLD KINGSWOOD Threat Profile)
Techniques Used (TTPs)
- T1562.004 — Disable or Modify System Firewall (defense-evasion)
- T1036.004 — Masquerade Task or Service (defense-evasion)
- T1218.011 — Rundll32 (defense-evasion)
- T1078 — Valid Accounts (defense-evasion, persistence, privilege-escalation, initial-access)
- T1102.002 — Bidirectional Communication (command-and-control)
- T1543.003 — Windows Service (persistence, privilege-escalation)
- T1219 — Remote Access Tools (command-and-control)
- T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
- T1588.002 — Tool (resource-development)
Total TTPs: 9