Zanubis
Intelligence Profile
According to cyware, Zanubis malware pretends to be a malicious PDF application. The threat actor uses it as a key to decrypt responses received from the C2 server.
Threat Analysis
Zanubis is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
Ransomware Victims (13)
CTIWATCH tracks 13 organizations claimed as victims by Zanubis on its data leak site, with attack dates, sectors and countries.
View full victims list →Known Campaigns
Zanubis is conducting an active ransomware campaign targeting organizations across 3 countries. Primary targets: Business Services, Consumer Services, Energy. 7 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 9 Apr 2026).