VIRTUALPITA

Description

(Mandiant) VIRTUALPITA is a 64-bit passive backdoor that creates a listener on a hardcoded port number on a VMware ESXi server. The backdoor often utilizes VMware service names and ports to masquerade as a legitimate service. It supports arbitrary command execution, file upload and download, and the ability to start and stop vmsyslogd. During arbitrary command execution, the malware also sets the environmental variable HISTFILE to 0 to further hide activity that occurred on the machine. Variants of this malware were found to listen on a Virtual Machine Communication Interface (VMCI) and log this activity to the file sysclog.

Names

Name
VIRTUALPITA

Type

Backdoor

Information

https://cloud.google.com/blog/topics/threat-intelligence/esxi-hypervisors-malware-persistence

Other Information

Uuid

c3eb047f-01f5-47a2-bda0-fd6d7d32146d

Last Card Change

2024-08-26

Threat Intelligence Garden

Explorer

VIRTUALPITA

VIRTUALPITA

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks