[rkhunter]

Malware that involves boot time's infection: Bootkits, VBR, Mbrlocks, etc.

Sorted in the alphabetical order.

• Aduska bootkit (Whistler based)
• Bioskit/Wador
• Caphaw/Geth bootkit (MBR infection)
• Carberp (BkLoader based)
• Cidox/Mayachok/Rovnix (VBR/IPL infection way, BkLoader based)
• Fips Chinese bootkit
• Gapz (VBR infection)
• Gootkit (BkLoader based)
• Guntior/Wapomi bootkit (Chinese combine)
• Halcbot bootkit (alias Lapka, Fengd, Pabueri)
• MaxSS, TDL4 fork (MBR + VBR infection, new hidden partition)
• MBRLock/Bootlock (MBR-based ransomware)
• Mebratix/Nedoboot (MBR infection)
• PbBot bootkit (alias Plite, GBPBoot)
• Pitou (MBR infection, alias Backboot)
• PiXiEServ (Not Malware)
• Popureb/Alipop (MBR infection)
• Simda (BkLoader based)
• Sinowal/Mebroot (MBR infection)
• Smitnyl (MBR infection)
• TDL4 (MBR infection)
• KillMBR/HDDKill (MBR damage)
• Whistler (MBR infection)
• Xpaj (with MBR infection)
• Yurn (MBR infection)

MBR dump library by Tigzy - contain some bootstrap codes of listed above bootkits.

If you have modern bootkit that is not listed here and you want to share sample - start new dedicated thread, link to it will be added here.