Rootkit

Date | Name | Description | Type | Category
---|---|---|---|---
17.10.2025 | LinkPro | LinkPro: eBPF rootkit analysis | MALWARE | Rootkit
24.04.2025 | io_uring | io_uring Is Back, This Time as a Rootkit | MALWARE | Rootkit
09.04.2025 | TCESB | How ToddyCat tried to hide behind AV software | MALWARE | Rootkit
14.03.2025 | OBSCURE#BAT | Analyzing OBSCURE#BAT: Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits | MALWARE | Rootkit
27.02.2025 | CleverSoar | New “CleverSoar” Installer Targets Chinese and Vietnamese Users | MALWARE | Rootkit
18.02.2025 | PRIVATELOG | A loader used to drop the Winnti RAT (aka DEPLOYLOG), which in turn delivers a kernel-level rootkit named WINNKIT by means of a rootkit installer | MALWARE | Rootkit
18.02.2025 | WINDJAMMER | A rootkit with capabilities to intercept the TCP/IP network interface, as well as create covert channels with infected endpoints within the intranet | MALWARE | Rootkit
13.12.2024 | PUMAKIT | PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain... | MALWARE | Rootkit
25.11.2024 | GHOSTENGINE | When Guardians Become Predators: How Malware Corrupts the Protectors | MALWARE | Rootkit
19.07.2024 | Demodex | A Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit | MALWARE | Rootkit
02.02.2024 | BPFdoor | We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), ... | MALWARE | Rootkit
05.10.2023 | r77 | According to the author, r77 is a ring 3 rootkit that hides everything: files, directories; processes & CPU usage; registry keys & values; services; TCP & UDP connections; junctions, named pipes, scheduled tasks | MALWARE | Rootkit
13.07.2023 | FiveSys | Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions | MALWARE | Rootkit
24.06.2023 | BlackLotus | BlackLotus stage 2 bootkit-rootkit analysis | MALWARE | Rootkit
09.01.2023 | Gootkit | We analyzed the infection routine used in recent Gootkit loader attacks on the Australian healthcare industry and found that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player | MALWARE | Rootkit
16.06.2022 | Sality | Modern Sality variants also have the ability to communicate over a peer-to-peer (P2P) network, allowing an attacker to control a botnet of Sality-infected machines | MALWARE | Rootkit/Backdoor