Common Information
| Field | Value |
|---|---|
| Value | Rootkit - T1014 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
| Description | Rootkits are programs that hide the existence of malware by intercepting (i.e., hooking) and modifying operating system API calls that supply system information. (Citation: Symantec Windows Rootkits) Rootkits or rootkit-enabling functionality may reside at the user or kernel level in the operating system or lower, including a hypervisor, the Master Boot Record, or the system firmware. (Citation: Wikipedia Rootkit) Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits have been seen for Windows, Linux, and Mac OS X systems. (Citation: CrowdStrike Linux Rootkit) (Citation: BlackHat Mac OSX Rootkit) |
| Detection | Some rootkit protections may be built into anti-virus or operating system software. There are dedicated rootkit detection tools that look for specific types of rootkit behavior. Monitor for the existence of unrecognized DLLs, devices, services, and changes to the MBR. (Citation: Wikipedia Rootkit) |
| Platforms | Linux, macOS, Windows |
| Data Sources | BIOS, MBR, System calls |
| Defense Bypassed | Anti-virus, File monitoring, Host intrusion prevention systems, Process whitelisting, Signature-based detection, System access controls, Whitelisting by file name or path |
| Permissions Required | Administrator, SYSTEM, root |
| Source | Published | Attributes | Title |
|---|---|---|---|
| Website | 2025-01-22 | 87 | ValleyRAT: A Rootkit Leveraging Stolen Certificates and Bypassing AVs |
| Website | 2025-01-22 | 2 | Recommended Open Source Cybersecurity Tools for CSIRT Teams |
| Website | 2025-01-21 | 0 | What is Digital Forensics? How to recover lost data |
| Website | 2025-01-20 | 4 | Pumakit - Sophisticated Linux Rootkit That Persists Even After Reboots |
| Website | 2025-01-20 | 0 | UEFI BootKit Learning Roadmap and Resource Sharing |
| Website | 2025-01-19 | 6 | Introduction to R3 RootKit Virus Technology Research |
| Website | 2025-01-18 | 3 | New tool: immutable.py, (Sat, Jan 18th) |
| Website | 2025-01-18 | 10 | New tool: immutable.py - SANS Internet Storm Center |
| Website | 2025-01-17 | 5 | PT_LOAD injection and modifying the Entrypoint in C |
| Website | 2025-01-16 | 2 | Threat Intelligence Snapshot: Week 3, 2025 |
| Website | 2025-01-16 | 13 | Pumakit: A Sophisticated Linux Rootkit Targeting Critical Infrastructure - SOCRadar® Cyber Intelligence Inc. |
| Website | 2025-01-16 | 11 | 10-Days of learning — Day 6 — Persistence Malware |
| Website | 2025-01-15 | 3 | Today’s Top Cyber Intelligence Highlights — Jan 15, 2025 |
| Website | 2025-01-14 | 0 | PIkit: The Ghost in Your Multi-Socket Machine |
| Website | 2025-01-13 | 8 | Deep Dive Into a Linux Rootkit Malware \| FortiGuard Labs |
| Website | 2025-01-13 | 11 | Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions \| Microsoft Security Blog |
| Website | 2025-01-11 | 7 | From Phishing to Payloads: Decoding Hacker Speak |
| Website | 2025-01-10 | 2 | New NonEuclid RAT Evades Antivirus and Encrypts Critical Files |
| Website | 2025-01-10 | 31 | Weekly Advanced Threat Intelligence Interpretation (2025.01.10~01.16) |
| Website | 2025-01-09 | 0 | The Rising Threat of EAGERBEE Malware: A New Variant Targets Critical Infrastructure |
| Website | 2025-01-08 | 0 | MALWARE FAMILIES AND THEIR CHARACTERISTICS |
| Website | 2025-01-07 | 21 | Malware Trends Report: Q4, 2024 |
| Website | 2025-01-06 | 9 | Comprehensive Command and Control Tools for Red Teaming Operations |
| Website | 2025-01-06 | 9 | PLAYFULGHOST supports multiple information stealing features |
| Website | 2025-01-05 | 8 | Attack Tools in 2023–2024 |