Skip to content
MalwareWiki

Loader

KrustyLoader

ELF x64 Rust downloader first discovered on Ivanti Connect Secure VPN after the exploitation of CVE-2024-21887 and CVE-2023-46805.

KrustyLoader is a Linux loader.

Background

A Rust-written ELF x64 downloader initially found on Ivanti Connect Secure VPN appliances in the wake of CVE-2024-21887 and CVE-2023-46805 exploitation. It pulls down the Sliver backdoor and then removes itself.

Source: Malpedia (Fraunhofer FKIE).