A rootkit is a type of malware that hides itself from normal detection and opens a backdoor on a machine so that an attacker can do whatever they want. Although the rootkit itself is hidden, system behaviour can still be monitored to detect a possible rootkit.
IoCs (indicators of compromise) that may point to a rootkit:
- suspicious file hashes and signatures
- command and control (C&C) traffic
- contact with known malicious IP addresses
- malicious use of system commands
- suspicious file access
- unexpected configuration changes
- suspicious or unknown executables
- unexpected port openings
- reverse proxy tunnels