Software: Downdelph, Delphacy

From enterprise
Jump to: navigation, search
Downdelph, Delphacy
ID S0134
Aliases Downdelph, Delphacy
Type Malware
Platform Windows

Downdelph is a first-stage downloader written in Delphi that has been used by APT28 in rare instances between 2013 and 2015.1

Techniques Used

  • Remote File Copy - After downloading its main config file, Downdelph downloads multiple payloads from C2 servers.1
  • Data Obfuscation - Downdelph inserts pseudo-random characters between each original character during encoding of C2 network requests, making it difficult to write signatures on them.1