We found the full CARBANAK source code & previously unseen plugins. Our #FLARE team spent 500 hours analyzing the 100,000+ lines of code. @mykill & @jtbennettjr just dropped day 1 of their 4-part blog series: https://t.co/0DULpYoDzq Source code linked in blog. #CarbanakWeek 🦈💳

@BarryV @QW5kcmV3 @ItsReallyNick Naw, @mel_lombardi and I discussed this yesterday and shark-a-doo-doo-doo is def. fair game for #CARBANAKWeek 😆

Hey @jtbennettjr I heard @mikesiko mentioned us, might have had to do with #CARBANAKWeek or something ;-)

For those without @virustotal, how about @virusbay_io sharing? Now you can play alongside the blog with #CarbanakWeek: Home Malware Edition kb3r1p.rar 06efd1354b7418198c66a78ff3e68e59 https://t.co/GHWZVEpRTY apwmie.rar 2549f116adbbfeeecf7596e6381bb43c https://t.co/Atm0C4vTd6

Dropping 💻🔥 as FLARE's #CARBANAKweek continues Part 2⃣ (of 4): https://t.co/tXHXk6F6zs • 2 AV vendor evasions that @FireEye responsibly disclosed - 🗣️ @nopandroll • Attacker toolmarks, infrastructure, & passwords 🕵🏻‍♂️ • Survey of exploits FOLLOW: @jtbennettjr & @mykill

Did @FireEye use knowledge of the source code to patch #CARBANAK's video player and possibly even catch #FIN7's front company Combi Security monitoring unwitting "red teamer" employees? MAYBE?? 🔥🔥 Read part 4️⃣ (the conclusion) of #CARBANAKweek 💳🦈: https://t.co/oNu32tHhFP

Big thanks to @mrdavi51 for pointing out that the #CARBANAK "Test Company" self signed certificate is still hosted on several IPs. See more in our belated #CARBANAKWeek update here - https://t.co/l6mgZhrrku

ICYMI, my and Tom's #CarbanakWeek blog series 🇷🇺🎅💰

Check out part 3, it's a JAWesome run-down of build tool findings, new command names, Metasploit related findings, and more #CARBANAKWEEK

Come read #CARBANAKWeek Part 1: A Rare Occurrence. After @ItsReallyNick et al found the Carbanak source code in 2017, I undertook a deep and broad analysis. Now, @jtbennettjr and I have put the conclusions to paper (virtually)!

For even more details on multiple groups using #CARBANAK, please check out myself and @jtbennettjr's post from 2017 (and look out for the follow up in #CARBANAKWeek part 3!) https://t.co/zZtMZcBrxe

@FireEye @NOPAndRoll @jtbennettjr @mykill FLARE's #CARBANAKweek Part 3⃣ (of 4): https://t.co/IiGHHesyTC 📂👨‍💻🥋 "If Bruce Lee had been a malware analyst, he might have said that source code is like a finger pointing away to the moon; don’t concentrate on the finger, or you will miss all that binary ground truth."

#CARBANAKweek analysis from @jtbennettjr and @mykill reveals details pointing to several different developers as source code was suspected to be shared among groups

@jtbennettjr @mykill @adulau @FireEye #CarbanakWeek: Home Edition players are welcome to chime in if they find something @jtbennettjr & @mykill didn't https://t.co/hXGq9BGQUX Though I definitely recommend waiting until end of the week if you want to make your own FIN7 Carbanak video decoder.

@0xffff0800 hope you were able to pull the source from VT for #CARBANAKWeek kb3r1p and apwmie

Astrologers? FLARE is often in retrograde and we think it would be GREaT if you joined the party! #CARBANAKWeek @FireEye

Fun fun fun, joining #CARBANAKWeek to follow along with @FireEye’s 2 year analysis of the code. CARBANAK is one more reason why #deception is so important.

@malcomvetter @mikhail_khusid Here was our deep dive on Combi Security: https://t.co/woRkIu4sxA We also did #CarbanakWeek where our FLARE team explained how they reverse engineered #FIN7’s video player & caught them monitoring their unwitting criminal employees

CARBANAK Week Part Three: Behind the CARBANAK Backdoor « CARBANAK Week Part Three: Behind the CARBANAK Backdoor https://t.co/QAlTqX5nsW #carbanakweek

Michael Bailey's #CARBANAKWeek post exploring the CARBANAK malware source code was featured in The Hacker News. >> Read more: https://t.co/60s5N29zOR