Krustyloader

Malware updated 13 hours ago (2024-11-20T18:13:10.447Z)
KrustyLoader is malware that has been identified as a significant threat to both Windows and Linux systems. First emerging on March 12, 2024, it stands out for its ability to exploit vulnerabilities in target systems, causing severe damage and disruption. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once it gains access, KrustyLoader can steal personal information, disrupt operations, or hold data hostage for ransom. Its deployment has been significantly facilitated by the exploitation of bugs in Ivanti VPN products: threat actors have leveraged these vulnerabilities to deliver the malware to unsuspecting victims. That a VPN intended to provide secure remote access to network resources serves as the conduit for malware delivery underscores the sophistication of the threat actors behind KrustyLoader. KrustyLoader is also part of a suite of tools used by cybercriminals alongside other notable threats such as NKAbuse and K4Spreader. These tools, employed by various hacker groups including the notorious Magnet Goblin, are used in tandem to exploit system vulnerabilities and deploy custom malware. The emergence of KrustyLoader therefore represents a significant escalation in the cybersecurity landscape, necessitating robust countermeasures to mitigate potential damage.
Description last updated: 2024-11-15T16:01:48.613Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias: Sliver (2 votes)
Sliver is a possible alias for Krustyloader. Sliver is an open-source, cross-platform tool created by Senior Security Associate Joe DeMesy and Security Associate Ronan Kervella. It was introduced at SummerCon in June 2019 and is currently in beta. Sliver supports command and control (C2) over Mutual-TLS, HTTP(S), and DNS and can be used as par
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Ivanti
Malware
Zero Day
Exploit
Sliver
Loader
VPN
Associated Vulnerabilities
CVE-2024-21887 (association type: Unspecified; 2 votes)
The CVE-2024-21887 vulnerability is associated with Krustyloader. CVE-2024-21887 is a command injection vulnerability found in the web components of Ivanti Connect Secure and Ivanti Policy Secure, specifically in versions 9.x and 22.x. The Cyber Centre was made aware of this flaw, along with an authentication bypass vulnerability (CVE-2023-46805), on January 10, 2

CVE-2023-46805 (association type: Unspecified; 2 votes)
The CVE-2023-46805 vulnerability is associated with Krustyloader. CVE-2023-46805 is an authentication bypass vulnerability that affects all supported versions of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). The Cyber Centre first became aware of this flaw, along with a command injection vulnerability (CVE-2024-21887), on January 10, 2024