Skip to content

Hide Navigation Hide TOC

Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)

Drinik is an evolving Android banking trojan that was observed targeting customers of around 27 banks in India in August 2021. Initially seen as an SMS stealer in 2016, Drinik resurfaced as a banking trojan with more advanced capabilities included in subsequent versions between September 2021 and August 2022.(Citation: cyble_drinik_1022)

Cluster A Galaxy A Cluster B Galaxy B Level
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 1
Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 1
Foreground Persistence - T1541 (648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) Attack Pattern 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) Attack Pattern 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern 1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe) Malware Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 2