216.73.217.172

VIRTUALPITA

The MITRE Corporation · Published 02/06/2025 20:53 · Modified 27/03/2026 01:06 Family

Essential information

Confidence
100/100
Is family
Yes
Published
02/06/2025 20:53
Modified
27/03/2026 01:06
Revoked
No
Author / Source
The MITRE Corporation
Related entities
29 attack patterns (mitre), 1 intrusion sets (apt), 14 indicators

Description

[VIRTUALPITA](https://attack.mitre.org/software/S1217) is a passive backdoor with ESXi and Linux vCenter variants capable of command execution, file transfer, and starting and stopping processes. [VIRTUALPITA](https://attack.mitre.org/software/S1217) has been in use since at least 2022 including by [UNC3886](https://attack.mitre.org/groups/G1048) who leveraged malicious vSphere Installation Bundles (VIBs) for install on ESXi hypervisors.(Citation: Google Cloud Threat Intelligence ESXi VIBs 2022)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references