Krustyloader

Malware Profile Updated 4 days ago
KrustyLoader is malware that has caused significant disruption since its emergence on 12 March 2024. It targets both Windows and Linux systems and is typically delivered through malicious downloads, emails, or websites, often without the user's knowledge. Once on a system it can be used to steal personal information, disrupt operations, or hold data for ransom.

Threat actors have deployed KrustyLoader by exploiting bugs in Ivanti VPN appliances. Exploiting these vulnerabilities lets them bypass security controls and establish a backdoor on the targeted systems, giving them unauthorized access to and control over the compromised devices.

The Magnet Goblin group in particular has been observed exploiting one-day flaws to deploy custom Linux malware, including KrustyLoader. Its activity has increased the urgency of identifying and patching vulnerabilities, especially in widely used services such as Ivanti VPN, to mitigate the threat posed by KrustyLoader and similar malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Sliver | 2 | Sliver is an open-source, cross-platform tool created by Senior Security Associate Joe DeMesy and Security Associate Ronan Kervella. It was introduced at SummerCon in June 2019 and is currently in beta. Sliver supports command and control (C2) over Mutual-TLS, HTTP(S), and DNS and can be used as par
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Ivanti
Zero Day
Exploit
Sliver
Malware
Vpn
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2024-21887 | Unspecified | 2 | CVE-2024-21887 is a command injection vulnerability in the web components of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). This flaw was made public on January 10, 2024, alongside another vulnerability, CVE-2023-46805, an authentication bypass vulnerability. Both of these v
CVE-2023-46805 | Unspecified | 2 | CVE-2023-46805 is an authentication bypass vulnerability found in the web component of all supported versions of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). The Cyber Centre was first alerted to this issue on January 10, 2024, along with a command injection vulnerability
Source Document References
Information about the Krustyloader malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 4 months ago | Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware
CERT-EU | 3 months ago | KrustyLoader Backdoor Attack Both Windows & Linux Systems
DARKReading | 4 months ago | Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount
CERT-EU | 2 months ago | Mageia 2024-0069: jackson-databind security update | LinuxSecurity.com
CERT-EU | 3 months ago | SUSE: 2024:0908-1 moderate: 389-ds | LinuxSecurity.com
CERT-EU | 3 months ago | Mageia 2024-0061: java 1.8.0, 11 & latest security update | LinuxSecurity.com
CERT-EU | 3 months ago | Ubuntu 6587-5: X.Org X Server vulnerabilities | LinuxSecurity.com
CERT-EU | 2 months ago | Mageia 2024-0067: jupyter-notebook security update | LinuxSecurity.com
CERT-EU | 3 months ago | SUSE: 2024:0834-1 important: sudo | LinuxSecurity.com
CERT-EU | 3 months ago | Mageia 2024-0059: libgit2 security update | LinuxSecurity.com
CERT-EU | 3 months ago | Ubuntu 6681-3: Linux kernel vulnerabilities | LinuxSecurity.com
CERT-EU | 2 months ago | SUSE: 2024:0912-1 important: openvswitch | LinuxSecurity.com
CERT-EU | 3 months ago | SUSE: 2024:0850-1 important: python3 | LinuxSecurity.com
CERT-EU | 3 months ago | Mageia 2024-0056: java-17-openjdk security update | LinuxSecurity.com
InfoSecurity-magazine | 4 months ago | Rust Payloads Exploiting Ivanti 0-Days Linked to Sliver Toolkit
CERT-EU | 3 months ago | SUSE: 2024:0898-1 moderate: gdb | LinuxSecurity.com
Securityaffairs | 4 months ago | Security Affairs newsletter Round 457 by Pierluigi Paganini
Securityaffairs | 3 months ago | Security Affairs newsletter Round 459 by Pierluigi Paganini
Securityaffairs | 2 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs | 2 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini