DslogdRAT Malware Installed in Ivanti Connect Secure

ID: ca75788a-3173-5371-b4e3-efcfab79e075

STIX ID: report--ca75788a-3173-5371-b4e3-efcfab79e075

Feed Name: JPCERT Blog

Threat Score: 75/100

Date Published: 2025-04-24

Date Updated: 2026-04-19

Author: 増渕 維摩(Yuma Masubuchi)

Executive Summary: This report analyzes DslogdRAT and a simple Perl web shell that were installed by exploiting an Ivanti Connect Secure zero-day in attacks targeting organizations in Japan (Dec 2024). It details the malware's execution flow, encoded configuration, and C2 communication and commands, and provides indicators of compromise (C2 IP 3.112.192.119, file paths, and hashes). It also notes co-located SPAWNSNARE and related advisories.