"It covers some new WMI persistence techniques..."
To be clear, this blog addresses a persistence mechanism that uses WMI, with a twist of anti-forensics thrown in. I linked to the corporate blog post I authored, and wanted to tie in some of the information that was developed afterward, particularly what Matt Graeber provided.
Interestingly enough, Matt was able to find an exemplar on VT, which means that others have seen this and uploaded the raw file to VT, but either haven't figured it out, or have but haven't posted publicly about their findings.
The SecureWorks blog post clearly illustrates how we found this in the first place, and I've strongly recommended to our IR analysts that they take a second and run our internal process against the appropriate files in every case they encounter.