SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Dridex
Dridex is a banking Trojan that has been used for financial gain. Dridex was created from the source code of the Bugat banking trojan (also known as Cridex).[1][2]
ID: S0384
Associated Software: Bugat v5
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 30 May 2019
Last Modified: 30 March 2020
Associated Software Descriptions
| Name | Description |
|---|---|
| Bugat v5 |
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | |
| Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography | |
| .002 | Encrypted Channel: Asymmetric Cryptography | |||
| Enterprise | T1185 | Man in the Browser |
Dridex can perform browser attacks via web injects to steal information such as credentials, certificates, and cookies.[1] |
|
| Enterprise | T1090 | Proxy |
Dridex contains a backconnect module for tunneling network traffic through a victim's computer. Infected computers become part of a P2P botnet that can relay C2 traffic to other infected peers.[1] |
|
| Enterprise | T1219 | Remote Access Software | ||
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0092 | TA505 |
References
- Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, October 13). Dridex (Bugat v5) Botnet Takeover Operation. Retrieved May 31, 2019.
- Slepogin, N. (2017, May 25). Dridex: A History of Evolution. Retrieved May 31, 2019.
- Proofpoint Staff. (2017, September 27). Threat Actor Profile: TA505, From Dridex to GlobeImposter. Retrieved May 28, 2019.
×