// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE PUB-ENTDTG 0600Z
ColdReconTechniquesT1014
Technique T1014

Rootkit

CLEARED FOR PUBLIC RELEASE · OPEN-SOURCE INTELLIGENCE
Rootkit (T1014) — a Defense Evasion technique, observed in public incident reporting.
MITRE ATT&CKT1014
TacticDefense Evasion
Incidents on file7

Detection & mitigation

Monitor for unexpected WDAC policy deployments (Event ID 3099) and use integrity checks on critical system files. Deploy application allowlisting and restrict WDAC policy modification to authorized administrators only.

Track this in real time.

ColdRecon watches the public signal so you don't have to — a daily brief and a live detection-coverage desk. Request clearance.

Request Clearance →