VIRTUALPITA

Malware & Tools · VIRTUALPITA

· MalwareS1217 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

ESXi, Linux

Description

VIRTUALPITA is a passive backdoor with ESXi and Linux vCenter variants capable of command execution, file transfer, and starting and stopping processes. VIRTUALPITA has been in use since at least 2022 including by UNC3886 who leveraged malicious vSphere Installation Bundles (VIBs) for install on ESXi hypervisors.(Citation: Google Cloud Threat Intelligence ESXi VIBs 2022)

Tactic Coverage

execution (3)stealth (2)command and control (2)persistence (1)privilege escalation (1)impact (1)lateral movement (1)discovery (1)defense impairment (1)

Used By (1 groups)

G1048UNC3886

Techniques (12)

T1036.004Masquerade Task or Service

stealth

T1036.005Match Legitimate Resource Name or Location

stealth

T1037Boot or Logon Initialization Scripts

persistenceprivilege escalation

T1059.004Unix Shell

execution

T1059.006Python

execution

T1105Ingress Tool Transfer

command and control

References

https://attack.mitre.org/software/S1217 https://cloud.google.com/blog/topics/threat-intelligence/esxi-hypervisors-malware-persistence