SPAWNCHIMERA Malware: The Chimera Spawning from Ivanti Connect Secure Vulnerability
ID: 72b5d3dc-7c8b-54bc-a9d7-5d6c128a0556
STIX ID: report--72b5d3dc-7c8b-54bc-a9d7-5d6c128a0556
Feed Name: JPCERT Blog
**Executive summary:** This report analyzes SPAWNCHIMERA, an evolved variant of the SPAWN malware family actively used to exploit Ivanti Connect Secure (CVE-2025-0282). It documents new evasion and persistence features (UNIX domain socket inter-process communication, XOR-decoded embedded SSH keys, removal of debug artifacts) and a runtime hook that limits strncpy to mitigate competing exploitation, and it lists confirmed IoCs (file hashes and file paths).
