Anubis

Malware updated 2 months ago (2024-11-29T14:31:56.738Z)
Anubis, also known as IcedID or Bokbot, is a sophisticated piece of malware that functions primarily as a banking trojan. It was first discovered by X-Force in September 2017 and has since evolved to target a wide range of financial applications. Notably, Anubis has consistently ranked among the top five most prevalent malware families, accounting for 11.24% of infections. The malware is notorious for infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

In October, an incident involving the IcedID banking Trojan saw a forked-variant infection that also deployed BackConnect, Anubis VNC, CobaltStrike, and ConnectWise ScreenConnect. Remarkably, "hands on the keyboard" activity was detected approximately 95 minutes after initial infection, indicating swift and aggressive action by the attackers. Numerous companies, including Microsoft Corporation, McAfee, Symantec, and Trend Micro, have been involved in efforts to combat this threat.

Anubis has also emerged as a significant threat in the mobile malware arena, especially on Android devices, where it has remained the most prevalent mobile malware, followed by AhMyth and Hiddad. Over time, Anubis has evolved beyond its initial design as a banking Trojan, incorporating Remote Access Trojan (RAT) functionality, keylogging, audio recording capabilities, and ransomware features. As such, it represents a multi-faceted and persistent cybersecurity threat.
Description last updated: 2024-05-04T17:15:11.673Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias | Description | Votes
IcedID | IcedID is a possible alias for Anubis. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d | 4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
Exploit
Windows
Vulnerability
Antivirus
Loader
Analyst Notes & Discussion
Associated Malware
Alias | Description | Association Type | Votes
Qbot | The Qbot Malware is associated with Anubis. Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23 | Unspecified | 3
QakBot | The QakBot Malware is associated with Anubis. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope | Unspecified | 2
Conti | The Conti Malware is associated with Anubis. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal persona | Unspecified | 2
Associated Vulnerabilities
Alias | Description | Association Type | Votes
CVE-2022-41073 | The vulnerability CVE-2022-41073 is associated with Anubis. | Unspecified | 2