A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root-level access to the host through covert means.
Sources:
CNSSI 4009-2015
NIST SP 800-150
under Rootkit
A collection of files that is installed on a host to alter the standard functionality of the host in a malicious and stealthy way.
Sources:
NIST SP 800-83 Rev. 1
under Rootkit