Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)

Drinik is an evolving Android banking trojan that was observed targeting customers of around 27 banks in India in August 2021. Initially seen as an SMS stealer in 2016, Drinik resurfaced as a banking trojan with more advanced capabilities included in subsequent versions between September 2021 and August 2022.(Citation: cyble_drinik_1022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e)	Attack Pattern	Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	1
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b)	Attack Pattern	1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc)	Attack Pattern	1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69)	Attack Pattern	1
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	1
Foreground Persistence - T1541 (648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e)	Attack Pattern	Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	1
Drinik - S1054 (d6e009b7-df5e-447a-bfd2-d5b77374edfe)	Malware	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	1
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	2