Dridex is a major banking trojan that emerged in 2014 as a successor to Cridex and Bugat, primarily targeting banking credentials and corporate email. It is operated by the Evil Corp threat actor group, which has been under US Treasury sanctions since 2019. Dridex spreads through phishing campaigns with malicious Office documents and has been used as a precursor for BitPaymer and DoppelPaymer ransomware deployment in big-game-hunting operations.
This family has been observed using the following ATT&CK techniques: T1566.001, T1185, and T1071.001.
CISA has published an advisory on this family: https://www.cisa.gov/news-events/alerts/2019/12/13/dridex-malware
Dridex spreads through phishing emails with malicious Office macro documents, with later variants using Excel 4.0 macros and DLL sideloading techniques.
The signature indicators of an infection are browser injection prompts on banking sites, scheduled tasks with random names, outbound connections to compromised WordPress sites used as C2, and AV alerts for Dridex, Bugat, or Cridex.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/dridex.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.