Register to stream ATT&CKcon 2.0 October 29-30


Dridex is a banking Trojan that has been used for financial gain. Dridex was created from the source code of the Bugat banking trojan (also known as Cridex).[1][2]

ID: S0384
Associated Software: Bugat v5
Platforms: Windows
Version: 1.0

Associated Software Descriptions

Name Description
Bugat v5 [1]

Techniques Used

Domain ID Name Use
Enterprise T1090 Connection Proxy Dridex contains a backconnect module for tunneling network traffic through a victim's computer. Infected computers become part of a P2P botnet that can relay C2 traffic to other infected peers. [1]
Enterprise T1185 Man in the Browser Dridex can perform browser attacks via web injects to steal information such as credentials, certificates, and cookies. [1]
Enterprise T1219 Remote Access Tools Dridex contains a module for VNC. [1]
Enterprise T1071 Standard Application Layer Protocol Dridex has used HTTPS for C2 communications. [2]
Enterprise T1032 Standard Cryptographic Protocol Dridex has encrypted traffic with RSA and RC4. [2]

Groups That Use This Software

ID Name References
G0092 TA505 [3] [4]