This article appears in the J.UCS Special Issue on Information Security Methodology, Replication Studies and Information Security Education. In this extended and updated paper (based on the author's paper presented at the 1st International Workshop on Information Security Methodology and Replication Studies, co-organised with ARES 2019), the experimental construction of a new attacker typology grounded in real-life data is proposed, using grounded theory analysis and over 300 publicly available documents containing details of digital banking related cybercrime and involved attackers. Seven attacker profiles forming the typology specific to the case of digital banking are presented. An initial light-touch evaluation approach based on peer review feedback and basic heuristics is suggested. A short excursus on circumplex models is added to address this visualisation tool used across past categorisation efforts.