Anubis Backdoor (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

py.anubisbackdoor (Back to overview)

Anubis Backdoor

Actor(s): FIN7

According to Prodaft, this is a Python-based backdoor used by the Savage Ladybug (FIN7) group is developed to provide remote access, execute commands, and steal data. It is obfuscated to avoid detection.

References

2025-03-15 ⋅ Github (TheRavenFile) ⋅ Rakesh Krishnan
IoCs for Anubis Backdoor
Anubis Backdoor

2025-03-11 ⋅ Github (prodaft) ⋅ PRODAFT
IOCs for Anubis Backdoor
Anubis Backdoor

There is no Yara-Signature yet.

Anubis Backdoor Propose Change

References

Anubis Backdoor