Skip to content

Hide Navigation Hide TOC

Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a)

Downdelph is a lightweight downloader developed in the Delphi programming language. As we already mentioned in our white paper, its period of activity was from November 2013 to September 2015 and there have been no new variants seen since.

Cluster A Galaxy A Cluster B Galaxy B Level
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool 1
Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool 1
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3