ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Downdelph

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Downdelph

NamesDowndelph
Delphacy
CategoryMalware
TypeLoader
Description(ESET) Downdelph is a first-stage component deployed only in very rare cases by the Sednit operators. Over the past two years this low-profile approach has been combined with advanced persistence methods — a bootkit and a rootkit — probably in order to spy on special targets for long periods of time. Downdelph was used to deploy X-Agent and Sedreco on infected machines.
Information<https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf>
MITRE ATT&CK<https://attack.mitre.org/software/S0134/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.downdelph>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:DOWNDELPH>

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

All groups using tool Downdelph

ChangedNameCountryObserved

APT groups

XSofacy, APT 28, Fancy Bear, SednitRussia2004-Sep 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]