Drovorub

Drovorub (Russian: дроворуб, "woodcutter") is a software toolkit for developing malware for the Linux operating system. It was created by the 85th Main Special Service Center, a unit of the Russian GRU often referred to as APT28.

Drovorub has a sophisticated modular architecture, containing an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control server. Drovorub has been described as a "Swiss-army knife for hacking Linux".

The U.S. government report that first identified Drovorub recommends the use of UEFI Secure Boot and Linux's native kernel module signing facility to resist Drovorub attacks.
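
The two recommended mitigations can be audited on a running host. The script below is an added example, not taken from the report or from this page; the function names are illustrative, and it assumes the standard Linux efivars, sysfs, securityfs and procfs paths are mounted.

```shell
#!/bin/sh
# Added example (not from the report): audit the two mitigations on a Linux host.
# Function names are illustrative; paths are parameters so the checks can also
# be run against constructed files.

# SecureBoot EFI variable: 4 attribute bytes followed by 1 data byte (1 = on).
secure_boot_state() {
    var=${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}
    [ -r "$var" ] || { echo unknown; return; }
    case $(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' \n') in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Unsigned modules are refused when sig_enforce is Y or kernel lockdown is active.
module_sig_state() {
    param=${1:-/sys/module/module/parameters/sig_enforce}
    lockdown=${2:-/sys/kernel/security/lockdown}
    if [ -r "$param" ] && [ "$(cat "$param")" = Y ]; then
        echo enforced
    elif [ -r "$lockdown" ] && grep -Eq '\[(integrity|confidentiality)\]' "$lockdown"; then
        echo enforced
    elif [ -r "$param" ]; then
        echo permissive   # signatures are checked, but unsigned modules still load
    else
        echo unknown      # no CONFIG_MODULE_SIG, or sysfs not visible here
    fi
}

# Taint bit 13 (8192) is set once an unsigned module has been loaded since boot.
# Returns 0 if set, 1 if clear, 2 if unreadable. A clear bit is a hint, not proof:
# code already running in the kernel can alter it.
unsigned_module_loaded() {
    t=$(cat "${1:-/proc/sys/kernel/tainted}" 2>/dev/null) || return 2
    case $t in ''|*[!0-9]*) return 2 ;; esac
    [ $(( ($t >> 13) & 1 )) -eq 1 ]
}

audit_report() {
    echo "secure_boot=$(secure_boot_state)"
    echo "module_signing=$(module_sig_state)"
    if unsigned_module_loaded; then echo "unsigned_module_taint=set"
    else echo "unsigned_module_taint=clear-or-unknown"; fi
}

audit_report
```

A host reporting `secure_boot=disabled` or `module_signing=permissive` does not meet the recommendation, because an unsigned kernel module can still be loaded by root.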
