Anubis

Malware updated 7 months ago (2024-05-04T19:48:41.971Z)
Anubis, also known as IcedID or Bokbot, is a sophisticated piece of malware that functions primarily as a banking trojan. It was first discovered by X-Force in September 2017 and has since evolved to target a wide range of financial applications. Anubis has consistently ranked among the top five most prevalent malware families, accounting for 11.24% of infections. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge; once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

In October, an incident involving the IcedID banking Trojan saw a forked-variant infection accompanied by BackConnect, Anubis VNC, CobaltStrike, and ConnectWise ScreenConnect. "Hands on the keyboard" activity was detected approximately 95 minutes after initial infection, indicating swift and aggressive action by the attackers. Numerous companies, including Microsoft Corporation, McAfee, Symantec, and Trend Micro, have been involved in efforts to combat this threat.

Anubis has also emerged as a significant threat in the mobile malware arena, especially on Android devices, where it has remained the most prevalent mobile malware, followed by AhMyth and Hiddad. Over time, Anubis has grown beyond its original design as a banking Trojan, adding Remote Access Trojan (RAT) functionality, keylogging, audio recording, and ransomware features. As such, it represents a multi-faceted and persistent cybersecurity threat.
Description last updated: 2024-05-04T17:15:11.673Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so listed here are some possibly overlapping names and profiles that may also be worth reviewing.
Alias | Description | Votes
IcedID | IcedID is a possible alias for Anubis. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d… | 4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Exploit
Malware
Windows
Vulnerability
Antivirus
Loader
Associated Malware
Alias | Description | Association Type | Votes
Qbot | The Qbot Malware is associated with Anubis. Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi… | Unspecified | 3
QakBot | The QakBot Malware is associated with Anubis. Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d… | Unspecified | 2
Conti | The Conti Malware is associated with Anubis. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra… | Unspecified | 2
Associated Vulnerabilities
Vulnerability | Description | Association Type | Votes
CVE-2022-41073 | The vulnerability CVE-2022-41073 is associated with Anubis. | Unspecified | 2
Source Document References
Information about the Anubis malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created
CERT-EU | 8 months ago
CERT-EU | 10 months ago
Unit42 | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | 2 years ago
SecurityIntelligence.com | a year ago
CERT-EU | a year ago
Securelist | 2 years ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
InfoSecurity-magazine | 2 years ago
Checkpoint | a year ago
BankInfoSecurity | 2 years ago
CERT-EU | a year ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | a year ago