{
  "name": "Off the Beaten Path: Recent Unusual Malware",
  "slug": "off-the-beaten-path-recent-unusual-malware",
  "description": "The article examines three unusual malware samples: a C++/CLI IIS backdoor enabling stealthy remote command execution, a bootkit leveraging the GRUB 2 bootloader to gain early system control and persistence, and a cross-platform post-exploitation framework developed in C++. These cases highlight evolving attacker techniques that prioritize stealth, persistence, and unconventional execution methods to evade detection.",
  "published": "2025-03-17T08:40:52+00:00",
  "created_at": "2025-03-17T08:40:52+00:00",
  "modified_at": "2025-03-17T09:03:31+00:00",
  "created_at_opencti": "2025-03-17T08:40:52+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-03-14",
    "2025-03-17",
    "apt",
    "backdoor",
    "bootkit",
    "c++/cli",
    "dixie-playing bootkit",
    "grub",
    "iis backdoor",
    "post-exploitation",
    "projectgeass"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "cca5df85920dd2bdaaa2abc152383c9a1391a3e1c4217382a9b0fce5a83d6e0b"
      },
      {
        "id": "",
        "name": "aa2d46665ea230e856689c614edcd9d932d9edad0083bf89c903299d148634a2"
      },
      {
        "id": "",
        "name": "a28d0550524996ca63f26cb19f4b4d82019a1be24490343e9b916d2750162cda"
      },
      {
        "id": "",
        "name": "950243a133db44e93b764e03c8d06b99310686d010b52b67f4effa57f0d72e04"
      },
      {
        "id": "",
        "name": "94017628658035206820723763a2a698a4fd7be98fc2c541aad6aa0281ef090e"
      },
      {
        "id": "",
        "name": "8571a354b5cdd9ec3735b84fa207e72c7aea1ab82ea2e4ffea1373335b3e88f4"
      },
      {
        "id": "",
        "name": "15db49717a9e9c1e26f5b1745870b028e0133d430ec14d52884cec28ccd3c8ab"
      }
    ],
    "attack_patterns": [
      {
        "id": "7e696094-0814-4f0c-9a86-b76e56821463",
        "name": "T1542.003"
      },
      {
        "id": "beaa4978-0309-438b-a45e-ec566b643811",
        "name": "T1505.003"
      },
      {
        "id": "5583e5dc-69b0-4e72-8dff-66acad100600",
        "name": "T1574.005"
      },
      {
        "id": "60972cf6-e90b-4600-af3c-13c468391d9c",
        "name": "T1106"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/67d7ee24c094f5f32b058b48",
    "https://unit42.paloaltonetworks.com/unusual-malware/"
  ]
}