Rootkit (T1014)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Rootkit

Associated Tactics

  • Defense Evasion

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Kurtz, G. (2012, November 19). HTTP iframe Injecting Linux Rootkit. Retrieved December 21, 2017. CrowdStrike Linux Rootkit
Pan, M., Tsai, S. (2014). You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet. Retrieved December 21, 2017. BlackHat Mac OSX Rootkit
Symantec. (n.d.). Windows Rootkit Overview. Retrieved December 21, 2017. Symantec Windows Rootkits
Wikipedia. (2016, June 1). Rootkit. Retrieved June 2, 2016. Wikipedia Rootkit