Off the beaten path: recent unusual malware

Intel Name: Off the beaten path: recent unusual malware

Date of Scan: March 17, 2025

Impact: High

Summary:
We recently discovered several malware samples with unusual traits that made attribution and analysis difficult. While many threat actors rely on publicly available tooling, some develop custom malware with novel techniques. This article highlights three unusual cases: a passive IIS backdoor written in C++/CLI, a language rarely chosen for malware, whose mix of managed and native code complicates analysis; a bootkit that abuses an unsecured kernel driver to install a GRUB 2 bootloader; and a Windows implant of a cross-platform post-exploitation framework developed in C++.

More Details