Dridex / Bugat (also known as Dridex, Bugat, Cridex) is a banking trojan active since 2014. Prolific banking trojan. Key characteristics include: web injects, VNC backdoor, Evil Corp operation, sanctions-evading, Maksim Yakubets indicted.
Overview & Background
Prolific banking trojan. First identified in 2014, this threat is attributed to Evil Corp.
Threat Assessment
Dridex remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this banking trojan.
- Category: Banking Trojan
- Active since: 2014
- Attribution: Evil Corp
- Also known as: Dridex, Bugat, Cridex
Technical Analysis
Dridex employs the following capabilities and techniques:
- Web Injects: Core functionality
- Vnc Backdoor: Core functionality
- Evil Corp Operation: Core functionality
- Sanctions-Evading: Core functionality
- Maksim Yakubets Indicted: Core functionality
MITRE ATT&CK Mapping
| Tactic | Technique | Usage |
|---|---|---|
| Initial Access | T1566.001 Phishing Attachment | Common delivery vector |
| Execution | T1204.002 Malicious File | User-triggered execution |
| Persistence | T1547.001 Registry Run Keys | Autostart persistence |
| Defense Evasion | T1027 Obfuscated Files | Payload obfuscation |
| C2 | T1071.001 Web Protocols | HTTP/HTTPS C2 |
Detection & Defense
- Endpoint detection: Deploy behavioral detection rules for Dridex indicators
- Network monitoring: Monitor for C2 traffic patterns and anomalous connections
- Threat intelligence: Track Dridex IOCs and campaign updates
- Security awareness: Train users to recognize phishing and social engineering
- Patch management: Keep systems updated to prevent exploitation
Defend Against Dridex
Mjolnir Security provides detection and response capabilities against Dridex and similar threats.
Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence
- Proactive Threat Hunting Hunt for Dridex indicators and TTPs within your environment.
- Threat Intelligence Monitor Dridex campaigns and infrastructure changes.
- 24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security | Published: August 22, 2025
Stay ahead of emerging threats. Get notified when we publish new intelligence reports and advisories.
Subscribe to Alerts