Banking trojan / Loader
Dridex
aka Bugat · Cridex
A long-lived banking trojan operated by Evil Corp, descended from Bugat/Cridex and later used to stage BitPaymer and DoppelPaymer ransomware.
Dridex is a modular banking trojan descended from Bugat/Cridex, active since 2014 and operated by the Evil Corp group. It spreads through malicious Office macros in malspam and uses web injects to steal banking credentials.
Beyond banking
Like its peers, Dridex became a delivery platform — staging BitPaymer and DoppelPaymer ransomware on compromised networks. The US Treasury sanctioned Evil Corp and indicted its alleged leader, Maksim Yakubets, in 2019.
Status
Sanctions and indictments curbed but didn't end Dridex activity, which continues sporadically. Campaign data is on Cyber Breaches; a web-inject analysis lives on the Reverse Engineering Hub.
Defense
Block execution of macros in Office documents downloaded from the internet, filter malspam at the mail gateway, and after any Dridex detection monitor the affected hosts and network for signs of ransomware staging.