A novel malware framework, EggStreme, was discovered during an investigation of a cyberattack on a Philippine military company. The attack, attributed to a Chinese government-backed hacking group, utilized EggStreme to conduct an espionage campaign, gaining backdoor access to the company’s systems. The malware’s fileless nature and use of legitimate Windows services made it difficult to detect.