Anubis

Malware updated 4 months ago (2024-05-04T19:48:41.971Z)
Anubis is a mobile banking trojan that targets Android devices. It is commonly distributed through malicious downloads, phishing emails and lookalike websites, installs without the user's awareness, and once on the device steals credentials and personal data from a wide range of financial applications. Over time it has grown well beyond its original banking-trojan design, adding Remote Access Trojan (RAT) functionality, keylogging, audio recording and ransomware features, which makes it a multi-faceted and persistent threat. In vendor prevalence rankings it has repeatedly placed among the top five malware families, in one report accounting for 11.24% of infections, and it has remained the most prevalent mobile malware, followed by AhMyth and Hiddad.

The name also collides with a component of a different family, which is why IcedID appears in this cluster. IcedID (also tracked as Bokbot) is a Windows banking trojan first documented by IBM X-Force in September 2017; it is not an alias of Anubis, but its post-infection toolset includes a VNC backconnect module tracked as "Anubis VNC". In one October incident, a forked IcedID variant was followed by BackConnect, Anubis VNC, Cobalt Strike and ConnectWise ScreenConnect, with hands-on-keyboard activity observed roughly 95 minutes after the initial infection. That timeline is the practical takeaway for defenders: an IcedID loader alert needs to be triaged and contained within minutes, not days, because the operators move to interactive access almost immediately.

Vendors including Microsoft, McAfee, Symantec and Trend Micro track and publish detections for both families.
Description last updated: 2024-05-04T17:15:11.673Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
IcedID | 4 | IcedID is a malicious software (malware) that has been linked to various cybercrime operations. The malware can infiltrate systems via suspicious downloads, emails, or websites and proceed to steal personal information, disrupt operations, or hold data for ransom. IcedID has been associated with oth
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Exploit
Malware
Windows
Vulnerability
Antivirus
Loader
Associated Malware
ID | Type | Votes | Profile Description
Qbot | Unspecified | 3 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs
QakBot | Unspecified | 2 | Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed in 2007. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw
Conti | Unspecified | 2 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2022-41073 | Unspecified | 2 | (no profile description on record)
Source Document References
Information about the Anubis malware was read from the documents in the corpus below (display limited to 20 results).
Source | Created | Title
CERT-EU | 6 months ago | Heimdal’s 10th Anniversary - Our Finest Hours
CERT-EU | 8 months ago | December 2023's Most Wanted Malware : The Resurgence of Qbot and FakeUpdates – Global Security Mag Online
Unit42 | 8 months ago | From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence
CERT-EU | 9 months ago | Search | arXiv e-print repository
CERT-EU | 9 months ago | Hackers use MTG cards to siphon funds, here's what happened | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | a year ago | Cybersecurity threatscape: year 2021 in review
SecurityIntelligence.com | 10 months ago | ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
CERT-EU | a year ago | Formbook Takes the Throne as Most Prevalent Malware
Securelist | a year ago | Financial cyberthreats in 2022
CERT-EU | a year ago | Update: The 2023 Malware League Table
CERT-EU | a year ago | August 2023's Most Wanted Malware : New ChromeLoader Campaign Spreads Malicious Browser Extensions while QBot is Shut Down by FBI – Global Security Mag Online
CERT-EU | a year ago | New Emotet malware campaign bypasses Microsoft blocks
CERT-EU | a year ago | April 2023’s Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return - Check Point Blog
InfoSecurity-magazine | a year ago | Emotet Climbs March 2023's Most Wanted Malware List With OneNote Campaign
Checkpoint | a year ago | 12th June – Threat Intelligence Report - Check Point Research
BankInfoSecurity | a year ago | Royal Ransomware Group Builds Its Own Malware Loader
CERT-EU | a year ago | September 2023's Most Wanted Malware : Remcos Wreaks Havoc in Colombia and Formbook Takes Top Spot after Qbot Shutdown – Global Security Mag Online
CERT-EU | a year ago | Royal Ransomware Group Builds Its Own Malware Loader | #ransomware | #cybercrime – National Cyber Security Consulting
CERT-EU | a year ago | April 2023's Most Wanted Malware : Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return – Global Security Mag Online
CERT-EU | a year ago | The Most Used Malware In H1 2023