Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.

https://threatpost.com/new-early-bird-code-injection-technique-helps-apt33-evade-detection/131147/