Researcher creates proof-of-concept malware that infects BIOS, network cards

29.07.2012

For example, Rakshasa can download the bootkit from a random blog as a file with a .pdf extension. It can also send the IP addresses and other network information of the infected computers to a predefined email address.

The attacker can push configuration updates or a new version of the malware over an encrypted HTTPS connection by communicating directly with the network card firmware. The command and control server can also be rotated among different websites, making it harder for law enforcement or security researchers to take it down.

Brossard did not release Rakshasa publicly. However, since most of its components are open source, someone with sufficient knowledge and resources could replicate it. that explains the malware's implementation in more detail is available online.