Skip to content

Hide Navigation Hide TOC

Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)

Drinik is an evolving Android banking trojan that was observed targeting customers of around 27 banks in India in August 2021. Initially seen as an SMS stealer in 2016, Drinik resurfaced as a banking trojan with more advanced capabilities included in subsequent versions between September 2021 and August 2022.(Citation: cyble_drinik_1022)

Cluster A Galaxy A Cluster B Galaxy B Level
Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Foreground Persistence - T1541 (648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern 1
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern 1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 2
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern 2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 2