
DslogdRAT Malware Installed in Ivanti Connect Secure

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The article discusses DslogdRAT, malware that was installed on Ivanti Connect Secure systems by exploiting CVE-2025-0282. The malware communicates with a C2 server during business hours to avoid detection. It uses a web shell for initial access and supports various commands for file operations, shell execution, and proxy functionality. The article details the malware's execution flow, configuration data, and communication method. Additionally, SPAWNSNARE malware was found on the same compromised systems. The attacks are potentially linked to the UNC5221 threat group, and organizations are advised to monitor for ongoing threats targeting Ivanti Connect Secure vulnerabilities.

OPENCTI LABELS:

zero-day, web shell, c2 communication, cve-2025-0282, spawnsnare, ivanti connect secure, cve-2025-22457, spawnchimera, dslogdrat

