In May 2016, the Bitdefender threat response team isolated a number of samples from the internal malware zoo while looking into a custom file-packing algorithm. A deeper look into the global telemetry revealed that this piece of malware was strictly affecting a limited pool of hosts belonging to a number of IP addresses marked as sensitive targets.
Its unusual build could have easily make it pass like a regular threat that organizations block on a daily basis ; however, telemetry information provided by our event correlation service has pointed out that most of its victims are government agencies.