VersaMem (ea857bb3-408e-566f-a693-96d9dc4f3c90)
VersaMem is a web shell designed for deployment to Versa Director servers following exploitation. Discovered in August 2024, VersaMem was used during Versa Director Zero Day Exploitation by Volt Typhoon to target ISPs and MSPs. VersaMem is deployed as a Java Archive (JAR); it captures credentials from Versa Director logon activity and supports follow-on execution of arbitrary Java payloads. [Lumen Versa 2024]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
VersaMem (ea857bb3-408e-566f-a693-96d9dc4f3c90) | Tidal Software | Volt Typhoon (4ea1245f-3f35-5168-bd10-1fc49142fd4e) | Tidal Groups | 1 |