Tags: Backdoor
Techniques:
Last edited: Feb 19, 2025 2:30 PM
DSLog is a backdoor that targets Ivanti Connect Secure, Policy Secure, and ZTA gateways. It is installed through exploitation of CVE-2024-21893, a server-side request forgery (SSRF) vulnerability in the SAML component, which is used to inject malicious code into the 'DSLog.pm' logging module and gives the attacker persistent remote access to the compromised device. Once installed, DSLog lets attackers execute arbitrary commands with root privileges via specially crafted HTTP requests that carry a unique SHA256 hash in the User-Agent header.
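A hunting check for the trigger described above, as an added example that is not part of the original entry: it flags requests whose User-Agent contains a SHA-256-sized hex token. The Combined Log Format input (for example from a proxy in front of the gateway), the function name and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed input: Combined Log Format lines from a proxy in front of the gateway.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# A SHA-256-sized token: exactly 64 hex characters, not part of a longer hex run.
HEX64_RE = re.compile(r'(?<![0-9A-Fa-f])[0-9A-Fa-f]{64}(?![0-9A-Fa-f])')


def find_hash_user_agents(lines):
    """Map each 64-hex token seen in a User-Agent to the requests that carried it."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not in the assumed format; skip rather than guess
        for token in HEX64_RE.findall(m.group("ua")):
            hits[token.lower()].append((m.group("ip"), m.group("ts"), m.group("req")))
    return dict(hits)


# Constructed sample data: placeholder token and documentation-range addresses.
PLACEHOLDER_HASH = "ab" * 32
_TS = "19/Feb/2025:14:30:00 +0000"
SAMPLE_LOG = [
    f'192.0.2.10 - - [{_TS}] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    f'198.51.100.7 - - [{_TS}] "GET / HTTP/1.1" 200 0 "-" "{PLACEHOLDER_HASH}"',
    f'203.0.113.5 - - [{_TS}] "GET / HTTP/1.1" 200 0 "-" "Mozilla/5.0 {PLACEHOLDER_HASH.upper()}"',
    f'192.0.2.11 - - [{_TS}] "GET / HTTP/1.1" 200 0 "-" "{"cd" * 64}"',  # 128 hex chars: too long
    "truncated or malformed line",
]

if __name__ == "__main__":
    for token, requests in find_hash_user_agents(SAMPLE_LOG).items():
        print(token, len(requests), sorted({ip for ip, _, _ in requests}))
```

Grouping by token matters because the entry describes the hash as unique: the same token recurring across requests or source addresses is a stronger lead than a single hit, which still needs confirmation against the appliance itself.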