In January 2016, we discovered a new modus operandi launched by Evil Corp, the organization that owned and operated Dridex banking Trojan. A new build was released to the wild, using Andromeda botnet platform, mainly targeting users in the UK. We studied the attacks linked with the new Dridex infection