CAKETAP

Description

(Mandiant) CAKETAP is a kernel module rootkit that UNC2891 deployed on key server infrastructure running Oracle Solaris. CAKETAP can hide network connections, processes, and files. During initialization, it removes itself from the loaded modules list and updates the last_module_id with the previously loaded module to hide its presence.

Names

Name
CAKETAP

Type

Rootkit

Information

https://www.mandiant.com/resources/unc2891-overview

Other Information

Uuid

23885eea-e205-4f33-bfb5-2fb680c51d34

Last Card Change

2022-04-03

Threat Intelligence Garden

Explorer

CAKETAP

CAKETAP

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks