DePriMon (c76874cd-0d73-4cbf-8d39-a066900dd4ce)
DePriMon is a malicious downloader with several stages that uses many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledge base. For that, the malware uses the “Windows Default Print Monitor” name; that’s why we have named it DePriMon. Due to its complexity and modular architecture, we consider it to be a framework.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| DePriMon (c76874cd-0d73-4cbf-8d39-a066900dd4ce) | Tool | Deprimon (17429ed4-6106-4a28-9a76-f19cd476d94b) | Malpedia | 1 |