id
type
0 (not classified)
status
21 (imported old-v2, waiting for another import)
review version
0
cleanup version
0
pending deletion
0 (-)
created at
2025-11-06 06:23:33
updated at
2025-11-06 06:23:34
pol page id
pol status
0
pol hosts ticketing
pol hosts ecommerce
pol hosts finance
pol hosts crypto
pol hosts leak
pol hosts devel
github.com
pol hosts ugc
pol hosts klim
pol hosts builders
pol hosts self subdomains
pol hosts other subdomains
dashboard.shadowserver.org
pol hosts other domains
synacktiv.com fortinet.com darktrace.com
pol updated
1767089445
url
https://labs.withsecure.com/publications/new-krustyloader-variant-dropped-via-screenconnect-exploit
url length
99
url crc
45054
url crc32
515354622
location type
1 (url matches target location, page_location is empty)
canonical status
10 (verified canonical url)
canonical page id
domain id
domain tld
2211
domain parts
0
originating warc id
-
originating url
https://data.commoncrawl.org/crawl-data/CC-MAIN-2025-33/segments/1754151280106.5/warc/CC-MAIN-20250809141352-20250809171352-00870.warc.gz
source type
11 (CommonCrawl)
server ip
Publication date
2025-08-09 15:36:40
Fetch attempts
0
Original html size
71159
Normalized and saved size
46396
title
KrustyLoader Windows variant dropped via ScreenConnect exploit - Latest in a 6-month mass exploitation campaign
excerpt
content
KrustyLoader Windows variant dropped via ScreenConnect exploit Latest in a 6-month mass exploitation campaign
 Mohammad Kazem Hassan Nejad, Tim West, Stephen Robinson
 
 WithSecure Intelligence
 24.02.2024
 Executive Summary Since proof-of-concept code was released for two vulnerabilities in ConnectWise ScreenConnect, en-mass exploitation has started from multiple threat actors. Researchers in the security industry have reported on attack chains they have observed which include using ScreenConnect to deploy password stealers, other remote management software, and commercial post-exploitation frameworks. Some intrusions have even ended up with Ransomware deployments.
 Internet scanners, such as the ShadowServer foundation report that as of 21...
author
updated
1767089445
block type
0
extracted fields
105
extracted bits
featured image
title
full content
content was extracted heuristically
detected location
0
detected language
1 (English)
category id
-
index version
1
paywall score
0
spam phrases
0
text nonlatin
0
text cyrillic
0
text characters
9769
text words
1656
text unique words
590
text lines
1
text sentences
46
text paragraphs
1
text words per sentence
36
text matched phrases
0
text matched dictionaries
0
links self subdomains
0
links other subdomains
1
links other domains
7
links spam adult
0
links spam random
0
links spam expired
0
links ext activities
0
links ext ecommerce
0
links ext finance
0
links ext crypto
0
links ext booking
0
links ext news
0
links ext leaks
0
links ext ugc
1
links ext klim
0
links ext generic
0
image author
featured image
https://labs.withsecure.com/content/dam/labs/og/OG-image.png