NotCarbanak Mystery - Source Code Leak

2018, Jul 11    

I got a tip a very short time ago in our slack group about possible Carbanak source code leak. A quick google search proven this is indeed a possibility.

hxxp://mal4all.com/showthread.php?tid=494&action=lastpost

Here is the source code in a zip file.

Please make sure you use proper security steps such as sandbox and isolated environment. The origin of this zip files is unknown and was not inspected for booby traps etc.

This file was uploaded for research and defense purpose only. If you plan to use this for malicious reasons you suck.

Pass: f1Up$zD%QY*p5@!&

If you are creating any signatures such as Yara and Snort please share back with the community.

Happy Researching

My team at Minerva have organized the information into a single blog post:

Some on-going updates posted during the initial investigation: