
ESET identifies malware with novel installation technique - triffee
https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/
======
triffee
In November, ESET researchers identified what they are classifying as a
malicious framework used by a North American APT. DePriMon uses multiple
advanced techniques, but makes use of a known but previously unexploited
feature of Windows, Port Monitors. This malware does not allow for initial
exploitation, but it allows for arbitrary DLL execution at the SYSTEM user
level once deployed.

All in all, it's an interesting example of well-designed malware, using Living
off the Land Binaries (LOLBins), some fileless techniques, and encryption.
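A defender-side check for the Port Monitor persistence mechanism mentioned above, added here as an example and not code from the ESET article or from the commenter: it enumerates the port monitors registered in the registry and flags any whose driver DLL is missing from System32 or not validly signed by Microsoft. The registry path and the `Driver` value name are the documented Windows registration for print monitors; the function name and output layout are my own.

```powershell
# Added example: enumerate registered print port monitors and flag suspicious driver DLLs.
# Port monitors are registered under this key; each subkey carries a "Driver" value naming
# a DLL that the print spooler (spoolsv.exe, running as SYSTEM) loads when the service starts.
$monitorsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors'
$system32    = Join-Path $env:SystemRoot 'System32'

function Get-PortMonitorFindings {
    foreach ($sub in Get-ChildItem -Path $monitorsKey -ErrorAction Stop) {
        $driver = (Get-ItemProperty -Path $sub.PSPath -Name 'Driver' -ErrorAction SilentlyContinue).Driver
        if (-not $driver) { continue }   # subkeys without a Driver value are not loadable monitors

        # Driver is normally a bare file name that the spooler resolves relative to System32.
        $path = if ([System.IO.Path]::IsPathRooted($driver)) { $driver } else { Join-Path $system32 $driver }

        $status = 'FileMissing'
        $signer = ''
        if (Test-Path -LiteralPath $path) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        # Anything not validly signed by Microsoft deserves a closer look.
        $suspicious = ($status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')

        [pscustomobject]@{
            Monitor    = $sub.PSChildName
            Driver     = $driver
            Path       = $path
            SigStatus  = $status
            Signer     = $signer
            Suspicious = $suspicious
        }
    }
}

# Usage: run from an elevated PowerShell session on the host under review.
Get-PortMonitorFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A monitor whose DLL is unsigned, signed by a non-Microsoft publisher, or absent from disk is a lead to investigate, not proof of compromise; compare against a known-good host of the same Windows build before acting.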

