← All drivers
Field Guide · Family
Daxin (state-sponsored rootkit)
Daxin is a sophisticated rootkit backdoor disclosed by Symantec (Broadcom) and CISA in February 2022. Attributed to a state-sponsored threat actor, it was used for long-duration espionage against government agencies and critical infrastructure for approximately eight years before discovery.
16
Drivers
0
Vulnerable
16
Malicious
16
With Field Notes
daxin_blank.sys
malicious✎
daxin_blank1.sys
malicious✎
daxin_blank2.sys
malicious✎
daxin_blank3.sys
malicious✎
daxin_blank4.sys
malicious✎
daxin_blank5.sys
malicious✎
daxin_blank6.sys
malicious✎
ndislan.sys
malicious✎
ntbios_2.sys
malicious✎
ntbios.sys
malicious✎
wantd_2.sys
malicious✎
wantd_3.sys
malicious✎
wantd_4.sys
malicious✎
wantd_5.sys
malicious✎
wantd_6.sys
malicious✎
wantd.sys
malicious✎
Family grouping is Vera's. Status data comes from the public LOLDrivers project.
