Threat Group Cards: A Threat Actor Encyclopedia

Tool: Dridex

Type: Banking trojan, Credential stealer, Worm

Description: OxCERT blog describes Dridex as 'an evasive, information-stealing malware variant; its goal is to acquire as many credentials as possible and return them via an encrypted tunnel to a Command-and-Control (C&C) server. These C&C servers are numerous and scattered all over the Internet; if the malware cannot reach one server it will try another. For this reason, network-based measures such as blocking the C&C IPs are effective only in the short term.'

According to MalwareBytes, 'Dridex uses an older tactic of infection by attaching a Word document that utilizes macros to install malware. However, once new versions of Microsoft Office came out and users generally updated, such a threat subsided because it was no longer simple to infect a user with this method.'

IBM X-Force discovered 'a new version of the Dridex banking Trojan that takes advantage of a code injection technique called AtomBombing to infect systems. AtomBombing is a technique for injecting malicious code into the 'atom tables' that almost all versions of Windows use to store certain application data. It is a variation of typical code injection attacks that take advantage of input validation errors to insert and to execute malicious code in a legitimate process or application. Dridex v4 is the first malware that uses the AtomBombing process to try and infect systems.'

Last change to this tool card: 19 April 2021

All groups using tool Dridex

APT groups

Group                                   | Country   | Active          | Flags
----------------------------------------|-----------|-----------------|--------
Indrik Spider                           | Russia    | 2014-Jun 2021   | HOT, X
TA505, Graceful Spider, Gold Evergreen  | Russia    | 2006-Oct 2020   | X
TA530                                   | [Unknown] | 2016-Nov 2016   |

3 groups listed (3 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
