Notable about this "puppy" is the use of a Symantec signed executable. https://www.securityweek.com/oceanlotus-spies-use-new-backdoor-recent-attacks