I want to find one simple rootkit to test chkrootkit (a tool used to detect rootkits). Please recommend one rootkit to me and show me how to set it up or install it.
You might be better off looking for a sample test file, such as is used for virus scanners: eicar.org/83-0-Anti-Malware-Testfile.html
– D McKeon, commented Dec 20, 2013 at 19:14
1 Answer
I found these via Google:
Windows
payloads
- Download the 5 files below plus the file dumped from memory
- Download 2 pcap files from 2 runs of A2611095F689FADFFD3068E0D4E3E7ED
excerpt
ZeroAccess rootkit is far from new and exciting, but this is a fresh lot with still active C2 servers.
Although the dropper is detected by at least half of AV engines, post infection detection is another story. I tried Kaspersky TDSS Killer, Avast Rootkit utility and RootRepeal without any success. I used Gmer and LordPE to carve out the hidden file from the memory. You can use Redline or Volatility too.
You can download 5 files below together with pcaps from one of the files and the file dumped from memory. It appears that free videos and apps names are used as the lure in this case.
Linux
payload
excerpt
Here is another notable development of 2012 - Linux malware (see Wirenet trojan posted earlier too)
Research: ESET Malicious Apache module used for content injection: Linux/Chapro.A
All the samples are below. I did not test it, thus no pcaps this time.
- Linux/Chapro.A e022de72cce8129bd5ac8a0675996318
- Injected iframe 111e3e0bf96b6ebda0aeffdb444bcf8d
- Java exploit 2bd88b0f267e5aa5ec00d1452a63d9dc
- Zeus binary 3840a6506d9d5c2443687d1cf07e25d0
Other samples?
You can search the website Contagio, which is a blog maintained as a collection of malware and virus samples.
Maybe this rootkit is used in Windows. I need the one in Linux :(
– Trung, commented Dec 21, 2013 at 11:57