elf.krustyloader

KrustyLoader


ELF x64 Rust downloader first discovered on Ivanti Connect Secure VPN after the exploitation of CVE-2024-21887 and CVE-2023-46805. Downloads Sliver backdoor and deletes itself.

References
2024-03-08 | Nofix.re | Nofix
KrustyLoader - Leveraging rust compilation artifacts to obtain reliable compilation timestamps and pivoting

2024-02-10 | Nofix.re | Nofix
KrustyLoader - About stripped Rust symbol recovery

2024-01-29 | Synacktiv | Theo Letailleur
KrustyLoader - Rust malware linked to Ivanti ConnectSecure compromises

There is no Yara-Signature yet.