<<< Hide Navigation Hide TOC >>>

VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)

VersaMem is a web shell designed for deployment to Versa Director servers following exploitation. Discovered in August 2024, VersaMem was used during Versa Director Zero Day Exploitation by Volt Typhoon to target ISPs and MSPs. VersaMem is deployed as a Java Archive (JAR) and allows for credential capture for Versa Director logon activity as well as follow-on execution of arbitrary Java payloads.(Citation: Lumen Versa 2024)

Rows: 12

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Attack Pattern Malware		Clear Attack Pattern Malware	Clear 1 2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)	Malware	1
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)	Malware	1
VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)	Malware	1
VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	1
VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	1
VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	1
VersaMem - S1154 (0a6ec267-83a9-41a5-98c7-57c3ff81e11f)	Malware	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	1
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2