Skip to content

Hide Navigation Hide TOC

Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a)

Downdelph is a lightweight downloader developed in the Delphi programming language. As we already mentioned in our white paper, its period of activity was from November 2013 to September 2015 and there have been no new variants seen since.

Cluster A Galaxy A Cluster B Galaxy B Level
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 1
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 3