diff --git a/modules/utilities/unix/compromised/adore_rootkit_static/adore_rootkit_static.pp b/modules/utilities/unix/compromised/adore_rootkit_static/adore_rootkit_static.pp
new file mode 100644
index 000000000..0c4a1da36
--- /dev/null
+++ b/modules/utilities/unix/compromised/adore_rootkit_static/adore_rootkit_static.pp
@@ -0,0 +1 @@
+include adore_rootkit_static::install
diff --git a/modules/utilities/unix/compromised/adore_rootkit_static/files/ls b/modules/utilities/unix/compromised/adore_rootkit_static/files/ls
new file mode 100755
index 000000000..f15873f66
Binary files /dev/null and b/modules/utilities/unix/compromised/adore_rootkit_static/files/ls differ
diff --git a/modules/utilities/unix/compromised/adore_rootkit_static/files/netstat b/modules/utilities/unix/compromised/adore_rootkit_static/files/netstat
new file mode 100755
index 000000000..d39385f62
Binary files /dev/null and b/modules/utilities/unix/compromised/adore_rootkit_static/files/netstat differ
diff --git a/modules/utilities/unix/compromised/adore_rootkit_static/files/ps b/modules/utilities/unix/compromised/adore_rootkit_static/files/ps
new file mode 100755
index 000000000..704ac2dbb
Binary files /dev/null and b/modules/utilities/unix/compromised/adore_rootkit_static/files/ps differ
diff --git a/modules/utilities/unix/compromised/adore_rootkit_static/manifests/install.pp b/modules/utilities/unix/compromised/adore_rootkit_static/manifests/install.pp
new file mode 100644
index 000000000..04ba57d55
--- /dev/null
+++ b/modules/utilities/unix/compromised/adore_rootkit_static/manifests/install.pp
@@ -0,0 +1,27 @@
+class adore_rootkit_static::install {
+
+ # TODO: rootkit configuration
+ # $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ # $hidden_ports = join($secgen_parameters['hidden_ports'], "\|")
+ # $hidden_strings = join($secgen_parameters['hidden_strings'], "\|")
+
+ file { '/bin/ls':
+ source => 'puppet:///modules/adore_rootkit_static/ls',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ }
+ file { '/bin/netstat':
+ source => 'puppet:///modules/adore_rootkit_static/netstat',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ }
+ file { '/bin/ps':
+ source => 'puppet:///modules/adore_rootkit_static/ps',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ }
+
+}
diff --git a/modules/utilities/unix/compromised/adore_rootkit_static/secgen_metadata.xml b/modules/utilities/unix/compromised/adore_rootkit_static/secgen_metadata.xml
new file mode 100644
index 000000000..42d9f5874
--- /dev/null
+++ b/modules/utilities/unix/compromised/adore_rootkit_static/secgen_metadata.xml
@@ -0,0 +1,29 @@ + + + + Adore rootkit + Z. Cliffe Schreuders + MIT + Some static rootkit binaries from the Adore rootkit. (Not compiled by SecGen.) + + + userspace_rootkit + linux + + + + + +
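Review bot: The three `file` resources in `adore_rootkit_static::install` overwrite `/bin/ls`, `/bin/netstat` and `/bin/ps` with prebuilt binaries whose contents are neither pinned nor described in the manifest, and the module metadata states they were not compiled by SecGen. Because these are opaque blobs installed as root on any VM that includes the module, I would pin each one in its resource, e.g. `checksum => 'sha256',` with `checksum_value => '<sha256-of-reviewed-binary>',` (placeholder for the real digest), so a swapped or corrupted file fails the Puppet run instead of being installed silently. A short comment at the top of the class recording where the binaries came from, which platform they were built for, and that the module is intended only for generated training images would also help; the commented-out `hidden_ports`/`hidden_strings` TODO suggests their behaviour is currently fixed inside the binaries and documented nowhere for whoever writes the matching detection exercise.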