Krustyloader

Malware updated 2 months ago (2024-08-14T10:04:03.209Z)
Download STIX
Preview STIX
KrustyLoader is a malicious software (malware) that has emerged as a significant threat to both Windows and Linux systems. This backdoor malware, known for its disruptive capabilities, can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The first notable instance of KrustyLoader being deployed occurred on March 12, 2024. Cybersecurity experts noted that threat actors exploited vulnerabilities in Ivanti's Virtual Private Network (VPN) software to deliver the malware. The exploitation of these bugs allowed the attackers to bypass security measures and install the KrustyLoader malware onto unsuspecting systems. The situation was further exacerbated by the involvement of the hacker group known as Magnet Goblin. This group capitalized on one-day flaws in both Windows and Linux systems to deploy a custom version of the KrustyLoader malware. The combination of the Ivanti VPN bugs and the one-day flaws provided an effective delivery mechanism for this harmful software, highlighting the importance of timely system updates and robust cybersecurity measures.
Description last updated: 2024-08-14T08:49:05.914Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Sliver is a possible alias for Krustyloader. Sliver is an open-source, cross-platform tool created by Senior Security Associate Joe DeMesy and Security Associate Ronan Kervella. It was introduced at SummerCon in June 2019 and is currently in beta. Sliver supports command and control (C2) over Mutual-TLS, HTTP(S), and DNS and can be used as par
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Ivanti
Zero Day
Exploit
Sliver
Malware
Vpn
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2024-21887 Vulnerability is associated with Krustyloader. CVE-2024-21887 is a command injection vulnerability found in the web components of Ivanti Connect Secure and Ivanti Policy Secure, specifically in versions 9.x and 22.x. The Cyber Centre was made aware of this flaw, along with an authentication bypass vulnerability (CVE-2023-46805), on January 10, 2Unspecified
2
The CVE-2023-46805 Vulnerability is associated with Krustyloader. CVE-2023-46805 is a significant software vulnerability discovered in the web component of all supported versions of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). This flaw, which allows for authentication bypass, was first brought to the attention of the Cyber Centre on JanUnspecified
2
Source Document References
Information about the Krustyloader Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
2 months ago
Securityaffairs
2 months ago
CERT-EU
7 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
CERT-EU
7 months ago
Securityaffairs
7 months ago
CERT-EU
7 months ago