Jack Wesley Riley has published a white paper with an overview of tools and techniques used by CARBANAK. According to the paper, the toolsets CARBANAK deployed can be broken down into five basic functionalities:
- Ingress/Egress/Remote Access
- Lateral Movement
- Log Cleanup
- Credential Harvesting
- Internal Reconnaissance

The correlations between the Linux environment tools and the Windows environment tools are shown below:

You can read the full paper here.