One Day Sec

Which known malware families have exploited COM hijacking via MruPidlList or similar CLSIDs, according to the article?

The article mentions COMRAT (suspected to share origins with the advanced rootkits Uroburos and Agent.BTZ), the ZeroAccess rootkit (which infected over 9 million computers using CLSID `{fbeb8a05-beee-4442-804e-409d6c4515e9}`), and BBSRAT (linked to the Roaming Tiger campaign targeting Russian organizations). These examples demonstrate how real-world threats leverage COM hijacking for persistence, as discussed in Use COM Object hijacking to maintain persistence——Hijack explorer.exe.
Tags: COMRAT, ZeroAccess, BBSRAT, Uroburos, Agent.BTZ, Roaming Tiger, malware, persistence
