Names | CAKETAP | |
Category | Malware | |
Type | Rootkit | |
Description | (Mandiant) CAKETAP is a kernel module rootkit that UNC2891 deployed on key server infrastructure running Oracle Solaris. CAKETAP can hide network connections, processes, and files. During initialization, it removes itself from the loaded modules list and updates the last_module_id with the previously loaded module to hide its presence. | |
Information | <https://www.mandiant.com/resources/unc2891-overview> |
Last change to this tool card: 03 April 2022
Download this tool card in JSON format
Previous: Cain & Abel
Next: CALENDAR
Changed | Name | Country | Observed | ||
APT groups | |||||
UNC2891 | [Unknown] | 2020 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |