Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers : https://securityintelligence.com/posts/direct-kernel-object-manipulation-attacks-etw-providers/
*Derusbi RAT family : https://www.cyber.airbus.com/newcomers-derusbi-family/
*More :
A) https://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf
B) https://s3.documentcloud.org/documents/2084641/crowdstrike-deep-panda-report.pdf
**Unraveling the Lamberts Toolkit : https://securelist.com/unraveling-the-lamberts-toolkit/77990/