Declawing PUMAKIT
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
PUMAKIT is a sophisticated multi-stage Linux malware family consisting of a dropper, memory-resident executables, a loadable kernel module (LKM) rootkit, and a userland rootkit. It employs advanced stealth techniques to hide its presence and to maintain command-and-control (C2) communication. The kernel rootkit hooks 18 syscalls and kernel functions using ftrace in order to manipulate system behavior, including hiding files, escalating privileges, and resisting debugging. It uses unconventional methods, such as the rmdir syscall, for interaction with its components. The malware checks for specific conditions before activating, and all of its components are embedded within the dropper. Key capabilities include privilege escalation, file and directory hiding, anti-debugging, and C2 communication.
OPENCTI LABELS:
rootkit,privilege escalation,pumakit,kitsune,syscall hooking