Rootkit
| 17.10.2025 | LinkPro | LinkPro: eBPF rootkit analysis | MALWARE | Rootkit |
| 24.04.2025 | io_uring | io_uring Is Back, This Time as a Rootkit | MALWARE | ROOTKIT |
| 09.04.2025 | TCESB | How ToddyCat tried to hide behind AV software | MALWARE | Rootkit |
| 14.03.2025 | OBSCURE#BAT | Analyzing OBSCURE#BAT: Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits | MALWARE | Rootkit |
| 27.02.2025 | CleverSoar | New “CleverSoar” Installer Targets Chinese and Vietnamese Users | MALWARE | Rootkit |
| 18.02.2025 | PRIVATELOG | A loader that's used to drop Winnti RAT (aka DEPLOYLOG) which, in turn, delivers a kernel-level rootkit named WINNKIT by means of a rootkit installer | MALWARE | Rootkit |
| 18.02.2025 | WINDJAMMER | A rootkit with capabilities to intercept the TCPIP Network Interface, as well as to create covert channels with infected endpoints within an intranet | MALWARE | Rootkit |
| 13.12.2024 | PUMAKIT | PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain... | MALWARE | ROOTKIT |
| 25.11.2024 | GHOSTENGINE | When Guardians Become Predators: How Malware Corrupts the Protectors | MALWARE | ROOTKIT |
| 19.07.2024 | Demodex | A Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit. | MALWARE | Rootkit |
| 02.02.2024 | BPFdoor | We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), .... | MALWARE | Rootkit |
| 05.10.2023 | r77 | According to the author, r77 is a ring 3 rootkit that hides everything: files, directories; processes & CPU usage; registry keys & values; services; TCP & UDP connections; junctions, named pipes, scheduled tasks | MALWARE | Rootkit |
| 13.07.2023 | FiveSys | Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions | MALWARE | Rootkit |
| 24.06.2023 | BlackLotus | BlackLotus stage 2 bootkit-rootkit analysis | MALWARE | Rootkit |
| 09.01.2023 | Gootkit | We analyzed the infection routine used in recent Gootkit loader attacks on the Australian healthcare industry and found that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. | MALWARE | Rootkit |
| 16.06.2022 | Sality | Modern Sality variants also have the ability to communicate over a peer-to-peer (P2P) network, allowing an attacker to control a botnet of Sality-infected machines. | MALWARE | Rootkit/Backdoor |