Active ransomware operator
← All groupsanubis
96 victims indexed · first seen 1 year ago · last activity 2 days ago
At a glance
- Status
- active
- First seen
- 1 year ago
- Last activity
- 2 days ago
- Onion sites
- 1 known endpoint
- Primary sector
- Healthcare · 15 hits
About
References
6 linksExternal sources curated by the MISP threat-intel community.
- ransomlook.io/group/anubis
- bleepingcomputer.com/news/security/anubis-banking-trojan-targets-android-users
- sentinelone.com/blog/anubis-android-banking-trojan-analysis
- trendmicro.com/en_us/research/19/j/anubis-malware-family-returns-with-new-variants.html
- blog.cyble.com/2023/06/14/anubis-banking-trojan-targets-multiple-countries
- cisa.gov/news-events/analysis-reports/ar22-187a
Timeline
12 monthsTop countries
Top sectors
MITRE ATT&CK
4 techniques · 3 tacticsTactics
Recent victims
Loading…
Onion infrastructure
1 known- http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion
Source
Updated 2 days agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
Get alerted the next time anubis posts a victim.
Add anubis to your watchlist — Pro pings you within 5 minutes of any new anubis leak-site post, Telegram callout, or affiliate-rebrand inference.

