Show in Graph
Common Information
Type Value
Value 
Rootkit - T1014
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description Rootkits are programs that hide the existence of malware by intercepting (i.e., Hooking) and modifying operating system API calls that supply system information. (Citation: Symantec Windows Rootkits) Rootkits or rootkit enabling functionality may reside at the user or kernel level in the operating system or lower, to include a Hypervisor, Master Boot Record, or the System Firmware. (Citation: Wikipedia Rootkit) Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits have been seen for Windows, Linux, and Mac OS X systems. (Citation: CrowdStrike Linux Rootkit) (Citation: BlackHat Mac OSX Rootkit) Detection: Some rootkit protections may be built into anti-virus or operating system software. There are dedicated rootkit detection tools that look for specific types of rootkit behavior. Monitor for the existence of unrecognized DLLs, devices, services, and changes to the MBR. (Citation: Wikipedia Rootkit) Platforms: Linux, macOS, Windows Data Sources: BIOS, MBR, System calls Defense Bypassed: Anti-virus, File monitoring, Host intrusion prevention systems, Process whitelisting, Signature-based detection, System access controls, Whitelisting by file name or path Permissions Required: Administrator, SYSTEM, root
Details Published Attributes CTI Title
Details Website 2025-04-26 30 Virus:Win32/Expiro Backdoor in 2025 – Gridinsoft Blog
Details Website 2025-04-26 10 通用 Linux kernel rootkit 开发导论 | CTF导航
Details Website 2025-04-25 0 Clandestine rootkit compromise possible with Linux io_uring interface issue
Details Website 2025-04-25 40 Earth Kurma APT Campaign Targets Southeast Asian Government Telecom Sectors
Details Website 2025-04-24 0 New Linux Rootkit - Schneier on Security
Details Website 2025-04-24 0 ARMO: io_uring Interface Creates Security ‘Blind Spot’ in Linux
Details Website 2025-04-24 0 Linux 'io_uring' security blindspot allows stealthy rootkit attacks
Details Website 2025-04-21 0 Rootkit-Zararlı Yazılımlar(Malware’ler) #4
Details Website 2025-04-21 0 Hackers Claim to Sell ‘Baldwin Killer’ Malware That Evades AV and EDR
Details Website 2025-04-21 11 Exploring Sysinternals: A Deep Dive into Windows System Analysis Tools
Details Website 2025-04-21 9 Understanding Rootkits: The Ultimate Cybersecurity Nightmare and Direct Kernel Object Manipulation
Details Website 2025-04-21 10 Module 3 — Information Security Threats and Vulnerability Assessment
Details Website 2025-04-19 46 ️ Essential Tools for Malware Analysis
Details Website 2025-04-17 0 Hacking Linux with Zombie Processes
Details Website 2025-04-17 0 Does Factory Reset Actually Remove Viruses? A Security Expert’s Perspective
Details Website 2025-04-15 1 恶意软件 BPFDoor 利用反向 Shell,深入渗透网络发动隐秘攻击-安全KER - 安全资讯平台
Details Website 2025-04-14 0 Unveiling Malware: Types, Threats, and Defenses in the Digital Age
Details Website 2025-04-14 0 MODULE 2 ON THE JUNIOR ANALYST PATH: ATTACKS, CONCEPT AND TECHNIQUES
Details Website 2025-04-14 6 Keylogging: A Practical Approach.
Details Website 2025-04-14 0 MANIFESTO ZERO
Details Website 2025-04-14 5 BPFDoors Hidden Controller Used Against Asia, Middle East Targets
Details Website 2025-04-13 0 A Cyberattack Brewed in a Coffee Pot: The Strangest Hack of 2025
Details Website 2025-04-13 7 The Hacker’s Library: Uncovering the Best Books
Details Website 2025-04-12 0 Truva Atları(Trojans)-Zararlı Yazılımlar(Malware’ler) #1
Details Website 2025-04-10 0 Darknet Threats Targeting Semiconductor Companies