A
- acpi_tables
- adore_rootkit
- adore_worm
- ad_config
- ajakit_rootkit
- alf
- alf_exceptions
- alf_explicit_auths
- alf_services
- anonoiyng_rootkit
- Aobo_Keylogger
- apa_kit
- AppCompat
- App_disabledExceptionChainValidation
- App_ExecuteOptions
- App_MitigationOptions
- app_schemes
- apt_sources
- ark_rootkit
- arp_cache
- AuditSpecialGroups
B
C
D
E
H
K
L
M
O
- OceanLotus_dropped_file_1
- OceanLotus_launchagent
- old_rootkits
- Olyx
- omega_worm
- OpenType_Font_Driver_Vulnerability
- open_files
- open_sockets
- opera_extensions
- optickit
- osquery_info
- OSX_Backdoor_Mokes
- OSX_ColdRoot_RAT_Files
- OSX_ColdRoot_RAT_Launchd
- OSX_DOK_1
- OSX_DOK_2
- OSX_DOK_3
- OSX_DOK_4
- OSX_Dummy_Files
- OSX_Dummy_Launchd
- OSX_FruitFly
- OSX_HiddenLotus
- OSX_Keydnap
- OSX_Komplex
- OSX_MaMi_Certificate
- OSX_MaMi_DNS_Servers
- OSX_Mughthesec
- OSX_Pirrit
- OSX_Proton_Files
- OSX_Proton_Launchd
- OSX_Proton_Process
- OSX_Snake
- os_version
- override_rootkit
P
S
- sadmind/iis_worm
- safari_extensions
- SaferFlags
- sandboxes
- scalper_installed
- SearchInstUpdater
- SecureBoot
- services.exe_incorrect_parent_process
- shell_history
- shitc
- shkit_rootkit
- showtee
- showtee_/_romanian_rootkit
- shv5_rootkit
- sip_config
- slapper_installed
- smbios_tables
- SniperSpy
- SocialFixer
- solaris_worm
- Spigot
- startup_items
- StickyKeys_File_Replace_Backdoor
- StickyKeys_Registry_Backdoor
- suckit_rootkit
- suid_bin
- suspicious_file
- svchost.exe_incorrect_parent_process
- svchost.exe_incorrect_path
- SysmonConfig