Crutch

Malware updated 6 months ago (2024-05-04T18:53:49.728Z)
Download STIX
Preview STIX
Crutch is a sophisticated malware attributed to the Turla group, first discovered by ESET researchers in December 2020. It's considered a second-stage backdoor, achieving persistence through DLL hijacking. One notable feature of Crutch v4 is its ability to automatically upload files found on local and removable drives to Dropbox storage using the Windows version of the Wget utility, differing from previous versions that relied on backdoor commands. Older iterations of Crutch included a backdoor that communicated with a hard-coded Dropbox account via the official HTTP API. The malware was detected and reported through the use of Cortex XDR, which raised both prevention and detection alerts. These alerts were not exclusive to Crutch but also encompassed other malware such as Capibar, Kazuar, Snake, QUIETCANARY/Tunnus, Kopiluwak, ComRAT, Carbon, HyperStack, and TinyTurla. The MITRE ATT&CK techniques, a globally-accessible knowledge base of adversary tactics and techniques, were utilized in the analysis and understanding of the Crutch attacks. In terms of mitigation, several measures have been put in place. Alerts for Crutch execution prevention and detection were displayed in Cortex XDR, indicating the system's capability to both identify and prevent the malware from carrying out its intended operations. This discovery underscores the importance of robust cybersecurity measures and the continued vigilance required to combat evolving cyber threats.
Description last updated: 2024-05-04T18:48:59.528Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Windows
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Turla Threat Actor is associated with Crutch. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures (Unspecified
4
Source Document References
Information about the Crutch Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more