In November, ESET researchers identified what they are classifying as a malicious framework used by a North American APT. DePriMon uses multiple advanced techniques, but it also makes use of a known but previously unexploited Windows feature: Port Monitors. The malware does not provide initial exploitation on its own, but once deployed it allows arbitrary DLL execution at the SYSTEM level.
All-in-all, it's an interesting example of well-designed malware, using Living off the Land Binaries (LOLBins), some file-less techniques, and encryption.
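Because a port monitor is just a DLL named in the registry that the print spooler (running as SYSTEM) loads, the defensive check is to audit what is registered there. The script below is an added example written for this post; it is not code from ESET's write-up or from the malware. It enumerates the monitors under `HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors`, resolves each `Driver` value to a path, checks its Authenticode signature, and flags anything that falls outside an assumed baseline of stock Windows monitor DLLs (the `$knownMonitors` list is an assumption to tune per environment, not an authoritative inventory).

```powershell
# Added example: audit registered print port monitors for unexpected DLLs.
# Persistence via this key is MITRE ATT&CK T1547.010 (Port Monitors).

# Assumed baseline of stock Windows monitor DLLs; adjust for your builds.
$knownMonitors = @('localspl.dll', 'tcpmon.dll', 'usbmon.dll', 'WSDMon.dll', 'FXSMON.dll', 'AppMon.dll')
$monitorKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors'

function Get-PortMonitorAudit {
    Get-ChildItem -Path $monitorKey | ForEach-Object {
        $driver = (Get-ItemProperty -Path $_.PSPath -Name Driver -ErrorAction SilentlyContinue).Driver
        if (-not $driver) { return }   # some subkeys carry no Driver value at all

        # The spooler loads a bare file name from %SystemRoot%\System32; a rooted path is used as-is.
        $resolved = if ([System.IO.Path]::IsPathRooted($driver)) {
            $driver
        } else {
            Join-Path $env:SystemRoot ("System32\" + $driver)
        }

        $exists = Test-Path -LiteralPath $resolved
        $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $resolved).Status } else { 'Missing' }
        $inBaseline = $knownMonitors -contains [System.IO.Path]::GetFileName($driver)

        [pscustomobject]@{
            Monitor      = $_.PSChildName
            Driver       = $driver
            ResolvedPath = $resolved
            Signature    = $status
            InBaseline   = $inBaseline
            # Anything not in the baseline, not signed, or pointing outside System32 deserves a look.
            Suspicious   = (-not $inBaseline) -or ($status -ne 'Valid') -or
                           (-not $resolved.StartsWith((Join-Path $env:SystemRoot 'System32'), 'OrdinalIgnoreCase'))
        }
    }
}

# Run with administrative rights so the key is fully readable; suspicious rows sort first.
Get-PortMonitorAudit | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

On a clean machine every row should be a baseline DLL under `System32` with a `Valid` signature; a monitor whose DLL lives elsewhere, is unsigned, or was added recently is the artifact to correlate with spooler (`spoolsv.exe`) image-load and registry-modification telemetry.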