Moriya is used to deploy passive backdoors on public-facing servers. The passive backdoor allows attackers to monitor all traffic, incoming and outgoing, that passes through an infected machine and filter out packets sent for the malware. The packet inspection occurs in kernel mode with the help of a Microsoft Windows driver.

https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/