 #4397  by a_d_13
 Tue Jan 11, 2011 3:09 pm
Hello,

Here is a set of old rootkits that was used to test RootRepeal. It contains the following rootkit droppers:
  • Dr.allinone(TR.inject): All-In-One Rootkit (aka. Trojan.Inject.104). See here.
  • Dr.Cutwail bulknet runtime2
  • Dr.Haxdoor(ntio256 series)
  • Dr.Haxdoor.sm
  • Dr.MBR I_mat25
  • Dr.MBR_RkII_se
  • Dr.MBR_RKIIII.v2rxu6
  • Dr.Nulprot-Saturn
  • Dr.Rustock B huy32
  • DR.Rustock lzx32
  • Dr.Rustock xpdx
  • Dr.Rustock.PE386
  • Dr.Srizbi
Also attached is a package of old TDSS droppers - the gxvxcserv, kbiwkm, msliksurserv, msqp, seneka and ytasfw variants.

Some other rootkits that can be used for testing:
  • TDL3 - Downloads available here.
  • TDL4 - Downloads available here.
If you know of any other rootkits that can be used for testing, please post them here.

Thanks,
--AD

EDIT: The set of old rootkits is courtesy of fatdcuk :)
Attachments (pass: infected)
 #4768  by EP_X0FF
 Thu Jan 27, 2011 6:29 pm
I think it is a good idea to share some rare rootkit samples.

Here are a few rootkits found in the collection a few days ago when I was searching for one specific one.

BlackEnergy 2+
BlackEnergy 2
ZeroAccess
pre ZeroAccess (Max++ Win32k Router)
TDL2
Ascesso
ObOpenObjectByName hooker
Triplex
MaxSS (TDL3 mod)
Bootkit V2 (Sinowal/Maosboot)
Srizbi
runtime

pass: malware

Some of them need manual setup to work.
Attachments
 #6760  by EP_X0FF
 Fri Jun 10, 2011 4:28 pm
While looking for some museum exhibits today, I have found some old Rustock droppers of several versions/version branches and some other rootkits, including the first ITW rootkit defeated by RkU in 2006.
Attachments (pass: malware)