ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool AnubisSpy

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: AnubisSpy

NamesAnubisSpy
CategoryMalware
TypeBackdoor, Info stealer, Exfiltration
Description(Trend Micro) AnubisSpy can steal messages (SMS), photos, videos, contacts, email accounts, calendar events, and browser histories (i.e., Chrome and Samsung Internet Browser). It can also take screenshots and record audio, including calls. It can spy on the victim through apps installed on the device, a list of which is in its configuration file that can be updated. This includes Skype, WhatsApp, Facebook, and Twitter, among others.

After the data are collected, they are encrypted and sent to the (C&C) server. AnubisSpy can also self-destruct to cover its tracks. It can run commands and delete files on the device, as well as install and uninstall Android Application Packages (APKs).

AnubisSpy has several modules, each of which has a separate role. AnubisSpy’s code is well constructed, indicating the developer/s’ know-how.
Information<https://blog.trendmicro.com/trendlabs-security-intelligence/cyberespionage-campaign-sphinx-goes-mobile-anubisspy/>
<https://documents.trendmicro.com/assets/tech-brief-cyberespionage-campaign-sphinx-goes-mobile-with-anubisspy.pdf>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/apk.anubisspy>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:anubisspy>

Last change to this tool card: 21 May 2020

Download this tool card in JSON format

Previous: Anubis
Next: AnvilEcho

All groups using tool AnubisSpy

ChangedNameCountryObserved

APT groups

 Sphinx[Unknown]2014 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]