Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers. (Report)

Trojan Bankers are a family of botnets that specialize in stealing information related to the financial sector and user data in order to sell it in underground marketplaces, some of them, also perform wire transfers using these credentials or by taking control of the infected computer.

Due to the difficulties posed by the different security firms, or by the competition that exists between different products, which nourishes it, the malware industry is always evolving and improving its products.

In the current landscape of Banking Trojans, Dyre and Dridex are the most nefarious ones due to the amount of infections that they have racked up since they were discovered, and to the mechanisms that make them more resilient.

From Blueliv, we launched an intensive investigation to find out how these botnets operate, we were able to analyze the networking protocol for both Dyre and Dridex, and to infiltrate the botnet, gathering a lot of information about how they operate, and who do they target.

reportBecause there isn’t a lot of information on how these botnets operate from a networking point of view, we want to share our findings with you, so today we present you the results of our labor.

Besides introducing you to both families, we will also explain with technical details the networking protocol of the botnets, and, thanks to the successful infiltration of both Dyre and Dridex network, we will share with you a lot of interesting data about their volume, campaigns and targeted countries.

And for those of you who can’t wait to get a taste of this information, here you have some of that data:

Most affected countries by Dyre

Most affected countries by Dyre


Most affected countries by Dridex

Most affected countries by Dridex

Download the whitepaper here and learn more about Dyre and Dridex.

Blueliv Team

Dark Commerce

Exploring the cybercrime industry and its business models: part 1

Read free report
Demo Free Trial MSSP