#T1014 Rootkit

Technique

  • Tactics: Defense Evasion
  • Description:

    Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information. (Citation: Symantec Windows Rootkits)

    Rootkits or rootkit enabling functionality may reside at the user or kernel level in the operating system or lower, to include a hypervisor or [System Firmware](https://attack.mitre.org/techniques/T1542/001). (Citation: Wikipedia Rootkit) Rootkits have been seen for Windows, Linux, and Mac OS X systems. (Citation: CrowdStrike Linux Rootkit) (Citation: BlackHat Mac OSX Rootkit)

    Rootkits that reside or modify boot sectors are known as [Bootkit](https://attack.mitre.org/techniques/T1542/003)s and specifically target the boot process of the operating system.

  • First Seen: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks • 2020-08-26
MITRE ATT&CK

Tagged Reports

2022-09-30
ESET
#BYOVD #T1106 #T1566.003 #T1027.002 #T1059.003 #T1566.001 #T1573.001 #T1218.011 #T1547.001 #T1140 #T1584.004 #T1587.001 #T1132.001 #T1014 #T1204.002 #T1547.006 #T1071.001 #T1574.002 #T1560.002 #T1070.006
2020-08-26
USCISA
#BeagleBoyz #FASTCash2 #T1190 #T1562.001 #T1565.002 #T1543.003 #T1552.004 #T1056 #T1119 #T1565.003 #T1553.002 #T1485 #T1199 #T1021 #T1078 #T1010 #T1014 #T1574.001 #T1033 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1102 #T1071 #T1053.004 #T1027.005 #T1049 #T1140 #T1005 #T1129 #T1105 #T1110 #T1095 #T1489 #T1569.002 #T1573 #T1057 #T1082 #T1561.002 #T1518.001 #T1566.001 #T1548.003 #T1090 #T1041 #T1219 #T1560 #T1202 #T1562.003 #T1059.001 #T1189 #T1204 #T1070.006 #T1059 #T1101 #T1565.001 #T1056.004 #T1098 #T1547.001 #T1053.003 #T1562.006 #T1070.004 #T1505.003 #T1070.003 #T1113 #T1132.001 #T1020 #T1021.002 #T1218.001 #T1055 #T1087 #T1115 #T1083 #T1053 #T1486 #T1133 #T1021.001 #T1217
« Back