Common Information
Value: Rootkit - T1014
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
MISP Type: Cluster
Description: Rootkits are programs that hide the existence of malware by intercepting (i.e., hooking) and modifying the operating system API calls that supply system information. (Citation: Symantec Windows Rootkits) Rootkits, or rootkit-enabling functionality, may reside at the user or kernel level in the operating system or lower, including a hypervisor, the Master Boot Record (MBR), or the system firmware. (Citation: Wikipedia Rootkit) Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits have been seen for Windows, Linux, and Mac OS X systems. (Citation: CrowdStrike Linux Rootkit) (Citation: BlackHat Mac OSX Rootkit)

Detection: Some rootkit protections may be built into anti-virus or operating system software. There are dedicated rootkit detection tools that look for specific types of rootkit behavior. Monitor for the existence of unrecognized DLLs, devices, and services, and for changes to the MBR. (Citation: Wikipedia Rootkit)

Platforms: Linux, macOS, Windows
Data Sources: BIOS, MBR, System calls
Defense Bypassed: Anti-virus, File monitoring, Host intrusion prevention systems, Process whitelisting, Signature-based detection, System access controls, Whitelisting by file name or path
Permissions Required: Administrator, SYSTEM, root
Related CTI entries (Published | Attributes | CTI type | Title):

2025-01-22 | 87 | Website | ValleyRAT: A Rootkit Leveraging Stolen Certificates and Bypassing AVs
2025-01-22 |  2 | Website | Rekomendasi Tools Open Source Cybersecurity untuk Tim CSIRT (Recommended Open Source Cybersecurity Tools for CSIRT Teams)
2025-01-21 |  0 | Website | What is Digital Forensics? How to recover lost data
2025-01-20 |  4 | Website | Pumakit - Sophisticated Linux Rootkit That Persists Even After Reboots
2025-01-20 |  0 | Website | UEFI BootKit Learning Roadmap and Resource Sharing
2025-01-19 |  6 | Website | An Introduction to R3 RootKit Virus Technique Research
2025-01-18 |  3 | Website | New tool: immutable.py, (Sat, Jan 18th)
2025-01-18 | 10 | Website | New tool: immutable.py - SANS Internet Storm Center
2025-01-17 |  5 | Website | PT_LOAD injection and modifying the Entrypoint in C
2025-01-16 |  2 | Website | Threat Intelligence Snapshot: Week 3, 2025
2025-01-16 | 13 | Website | Pumakit: A Sophisticated Linux Rootkit Targeting Critical Infrastructure - SOCRadar® Cyber Intelligence Inc.
2025-01-16 | 11 | Website | 10-Days of learning - Day 6 - Persistence Malware
2025-01-15 |  3 | Website | Today's Top Cyber Intelligence Highlights - Jan 15, 2025
2025-01-14 |  0 | Website | PIkit: The Ghost in Your Multi-Socket Machine
2025-01-13 |  8 | Website | Deep Dive Into a Linux Rootkit Malware | FortiGuard Labs
2025-01-13 | 11 | Website | Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions | Microsoft Security Blog
2025-01-11 |  7 | Website | From Phishing to Payloads: Decoding Hacker Speak
2025-01-10 |  2 | Website | New NonEuclid RAT Evades Antivirus and Encrypts Critical Files
2025-01-10 | 31 | Website | Weekly Advanced Threat Intelligence Digest (2025.01.10~01.16)
2025-01-09 |  0 | Website | The Rising Threat of EAGERBEE Malware: A New Variant Targets Critical Infrastructure
2025-01-08 |  0 | Website | MALWARE FAMILIES AND THEIR CHARACTERISTICS
2025-01-07 | 21 | Website | Malware Trends Report: Q4, 2024
2025-01-06 |  9 | Website | Comprehensive Command and Control Tools for Red Teaming Operations
2025-01-06 |  9 | Website | PLAYFULGHOST supports multiple information stealing features
2025-01-05 |  8 | Website | Attack Tools in 2023-2024