| Field | Value |
|---|---|
| Names | VIRTUALPITA |
| Category | Malware |
| Type | Backdoor |
| Description | (Mandiant) VIRTUALPITA is a 64-bit passive backdoor that creates a listener on a hardcoded port number on a VMware ESXi server. The backdoor often utilizes VMware service names and ports to masquerade as a legitimate service. It supports arbitrary command execution, file upload and download, and the ability to start and stop vmsyslogd. During arbitrary command execution, the malware also sets the environment variable HISTFILE to 0 to further hide activity that occurred on the machine. Variants of this malware were found to listen on a Virtual Machine Communication Interface (VMCI) and log this activity to the file sysclog. |
| Information | <https://cloud.google.com/blog/topics/threat-intelligence/esxi-hypervisors-malware-persistence> |
Last change to this tool card: 26 August 2024
APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | UNC3886 | | 2021-2023 |
1 group listed (1 APT, 0 other, 0 unknown)