Crutch

Malware Profile Updated 13 days ago
Crutch is a sophisticated malware family attributed to the Turla group and first described by ESET researchers in December 2020. It is considered a second-stage backdoor that achieves persistence through DLL hijacking. One notable feature of Crutch v4 is that it automatically uploads files found on local and removable drives to Dropbox storage using the Windows build of the Wget utility, whereas previous versions relied on backdoor commands to exfiltrate files. Older iterations of Crutch included a backdoor that communicated with a hard-coded Dropbox account via the official HTTP API. The malware was detected and reported through Cortex XDR, which raised both prevention and detection alerts. These alerts were not exclusive to Crutch but also covered other Turla malware such as Capibar, Kazuar, Snake, QUIETCANARY/Tunnus, Kopiluwak, ComRAT, Carbon, HyperStack, and TinyTurla. MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques, was used to analyse and map the Crutch attacks. In terms of mitigation, several measures have been put in place: alerts for Crutch execution prevention and detection were displayed in Cortex XDR, indicating the system's ability both to identify the malware and to prevent it from carrying out its intended operations. This discovery underscores the importance of robust cybersecurity measures and the continued vigilance required to combat evolving cyber threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in identifying relevance: Backdoor, Malware, Windows
Associated Malware
No associations to display
Associated Threat Actors
ID: Turla | Type: Unspecified | Votes: 4
Profile Description: Turla, also known as Pensive Ursa, is a threat actor believed to be a unit of Russia's Federal Security Service according to the FBI. This cyberespionage group is notorious for its sophisticated attacks and use of malicious software, such as Snake or Ouroboros, which allows them backdoor access to c
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Crutch malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Turla Crutch: Keeping the “back door” open | WeLiveSecurity
Unit42 | 8 months ago | Threat Group Assessment: Turla (aka Pensive Ursa)
MITRE | a year ago | TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines
Trend Micro | 8 months ago | Examining the Activities of the Turla APT Group
CERT-EU | a year ago | Matthieu Faou | WeLiveSecurity