indicatorfilename
/sys/kernel/debug/kprobes/list
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 1
Posts referencing this indicator
- Hooked on Linux: Rootkit Taxonomy, Hooking Techniques and Tradecraft
Kernel debug file that lists active kprobes; monitored to detect unexpected or malicious kprobes registered by rootkits.