216.73.216.6

VersaMem

The MITRE Corporation · Published 27/08/2024 21:00 · Modified 27/03/2026 01:03 Family

Essential information

Confidence
100/100
Is family
Yes
Published
27/08/2024 21:00
Modified
27/03/2026 01:03
Revoked
No
Author / Source
The MITRE Corporation
Related entities
8 attack patterns (mitre), 1 intrusion sets (apt), 1 campaign, 1 campaigns

Description

[VersaMem](https://attack.mitre.org/software/S1154) is a web shell designed for deployment to Versa Director servers following exploitation. Discovered in August 2024, [VersaMem](https://attack.mitre.org/software/S1154) was used during [Versa Director Zero Day Exploitation](https://attack.mitre.org/campaigns/C0039) by [Volt Typhoon](https://attack.mitre.org/groups/G1017) to target ISPs and MSPs. [VersaMem](https://attack.mitre.org/software/S1154) is deployed as a Java Archive (JAR) and allows for credential capture for Versa Director logon activity as well as follow-on execution of arbitrary Java payloads.(Citation: Lumen Versa 2024)

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.