The Duqu 2.0 persistence module

Duqu 2.0 doesn't have a normal persistence mechanism. The attackers created an unusual persistence module which they deploy on compromised networks. It serves a double function: it also supports a hidden C&C communication scheme. This organization-level persistence is achieved by a driver that is installed as a normal system service. On 64-bit systems, this implies a strict requirement for an Authenticode digital signature. The driver listens to the network and expects a special secret keyword (romanian.antihacker in that case).

Source: https://securelist.com/the-duqu-2-0-persistence-module/70641/
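
A defender-side check for the keyword quoted above, as an added example that is not from the Securelist article: it scans captured Ethernet/IPv4/TCP frames for the string and keeps a per-flow tail so that a keyword split across two segments is still caught. It assumes the keyword appears unencrypted in the TCP payload and that segments are seen in order; the function names, frames, ports and addresses are constructed for the demo.

```python
import struct

KEYWORD = b"romanian.antihacker"  # keyword quoted in the article

def tcp_payload(frame):
    """Return (flow, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    return (src, sport, dst, dport), tcp[(tcp[12] >> 4) * 4:]

def find_keyword(frames, keyword=KEYWORD):
    """Return flows whose in-order payload stream contains the keyword."""
    tails, hits = {}, []
    for frame in frames:
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        flow, payload = parsed
        # Prepend the previous tail so a keyword split across segments matches.
        window = tails.get(flow, b"") + payload
        if keyword in window and flow not in hits:
            hits.append(flow)
        tails[flow] = window[-(len(keyword) - 1):]
    return hits

def make_frame(src, dst, sport, dport, payload):
    """Build a constructed frame for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

# Constructed sample traffic (documentation address ranges).
A, B, SRV = (192, 0, 2, 10), (192, 0, 2, 20), (198, 51, 100, 7)
SAMPLE = [
    make_frame(A, SRV, 40000, 8080, b"hello romanian.an"),
    make_frame(B, SRV, 40001, 8080, b"GET / HTTP/1.1\r\n"),
    make_frame(A, SRV, 40000, 8080, b"tihacker trailing"),
]

if __name__ == "__main__":
    print(find_keyword(SAMPLE))
```

A match is only a lead for investigation: the string can also appear in traffic that merely quotes the report.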
