Dridex is one of the most technologically advanced banking Trojans, active and regularly evolving since 2014.
Initially created as a banking Trojan that steals banking credentials by intercepting them (keylogging, web injects) or by redirecting the victim to a phishing copy of the bank's page, Dridex was later used by its operators as a botnet to deliver their own ransomware to target systems: BitPaymer, DoppelPaymer, Locky, WastedLocker and Macaw.
Dridex is classified as an evolution of the Zeus Trojan and shares program code with the Bugat malware.
Dridex is operated by one of the most wanted organized cybercrime groups, «Evil Corp», also known as TA505. The group does not sell access to the Dridex botnet or to its ransomware under the RaaS or MaaS business models, preferring to operate independently.
The geography of Dridex incidents is diverse: victims are located in the United States, the European Union and the Asia-Pacific region. The «Evil Corp» group avoids using Dridex and its associated ransomware against residents of the CIS countries. The malware contains an automatic self-removal routine that triggers when the infected computer system is located on the territory of a CIS member state.