Following the release of our four-part CARBANAK Week blog series, many readers have found places to make the data shared in these posts actionable. We have updated this post to include some of this information.

CARBANAK is one of the most full-featured backdoors around. It was used to perpetrate millions of dollars in financial crimes, largely by the group we track as FIN7.

Attackers distributing this malicious campaign via weaponized Excel File via email with attached Excel file that posed as a legitimate file with thefilename “Military Financing.xlsm.”

CVE-2019-0859 is a Use-After-Free vulnerability in the system function that handles dialog windows, or more precisely, their additional styles. The exploit pattern found in the wild targeted 64-bit versions of OS, from Windows 7 to the latest builds of Windows 10. Exploitation of the vulnerability allows the malware to download and execute a script written by the attackers, which in the worst-case scenario results in full control over the infected PC.