{
	"id": "b705dce2-0f6a-490c-89e9-2b661dc4e05b",
	"created_at": "2026-04-06T01:32:09.256093Z",
	"updated_at": "2026-04-10T03:20:30.877235Z",
	"deleted_at": null,
	"sha1_hash": "15fbe960f6b7141a3415d981d3cbb743e315afbd",
	"title": "GitHub - chokepoint/azazel: Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38352,
	"plain_text": "GitHub - chokepoint/azazel: Azazel is a userland rootkit based off\r\nof the original LD_PRELOAD technique from Jynx rootkit. It is\r\nmore robust and has additional features, and focuses heavily\r\naround anti-debugging and anti-detection.\r\nBy chokepoint\r\nArchived: 2026-04-06 00:16:30 UTC\r\nV 0.1\r\nThe whole earth has been corrupted through the works that were taught by Azazel: to him ascribe all\r\nsin. -- 1 Enoch 2:8\r\nAzazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more\r\nrobust and has additional features, and focuses heavily around anti-debugging and anti-detection.\r\nFeatures\r\nAnti-debugging\r\nAvoids unhide, lsof, ps, ldd detection\r\nHides files and directories\r\nHides remote connections\r\nHides processes\r\nHides logins\r\nPCAP hooks avoid local sniffing\r\nTwo accept backdoors.\r\nCrypthook encrypted accept() backdoor -- Full PTY\r\nPlaintext accept() backdoor -- Full PTY\r\nPAM backdoor for local privesc and remote entry\r\nLog cleanup for utmp/wtmp entries based on pty\r\nUsing netcat to communicate with a remote PTY isn't the best idea. See below for a better PTY client written by\r\nInfoDox, or use socat with a command similar to the following and then just paste the password into the session;\r\notherwise socat sends the first char, making the passwords not match.\r\nsocat -,raw,echo=0 TCP:target:port,bind=:61040\r\nLinks\r\nBetter PTY Client\r\nDisclaimer\r\nThe authors are in no way responsible for any illegal use of this software. It is provided purely as an educational\r\nproof of concept. We are also not responsible for any damages or mishaps that may happen in the course of using\r\nthis software. Use at your own risk.\r\nSource: https://github.com/chokepoint/azazel",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/chokepoint/azazel"
	],
	"report_names": [
		"azazel"
	],
	"threat_actors": [],
	"ts_created_at": 1775439129,
	"ts_updated_at": 1775791230,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/15fbe960f6b7141a3415d981d3cbb743e315afbd.pdf",
		"text": "https://archive.orkl.eu/15fbe960f6b7141a3415d981d3cbb743e315afbd.txt",
		"img": "https://archive.orkl.eu/15fbe960f6b7141a3415d981d3cbb743e315afbd.jpg"
	}
}