IOC Radar
MD5 · High · Verified · Signal 97/100

393488e94b169b59d5ce6096dccedeb7

Location
China
First Seen
Dec 10, 2025 (187 days ago)
Last Seen
May 30, 2026 (16 days ago)
6 source reports · 97% confidence (high)
Found in 6 reports. Confidence: high. Confidence scores are heuristic; verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
97%
Signal Score
97 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 23 techniques
T1003, T1027, T1053, T1059, T1059.001, T1059.006, T1071.001, T1078, T1086, T1105, T1133, T1190, T1203, T1204.002, T1496, T1499.002, T1499.003, T1566, T1569.002, T1595.001, T1595.002, T1595.003, T1619
Feed Intelligence Summary

6 source reports · 97% confidence score

Category tags:
abuse, academic institutions, active scan, active scanning, apache, arcane, ares, asia, auto-color, backdoor, bad reputation, banking, base64, bash, bash script, bitcoinaddress, botnet, botnet activity, c2, c2the rustobot, cephalus ransomware, china, civil services, cobalt strike, code execution, coin miners, command & control, command and control, command execution, compood, consumer goods, container security, containerization, cookie, credit card services, crossc2, crossc2 cobalt, cryptocurrency, cve, detect-debug-environment, distributed attacks, distribution management, earth lamia, education, educational resources, educational services, educational technology, elf, elf32, elf64, etherrate, europe/asia, executable file, exploitation activity, file-hash, finance, finance and insurance, financial services, financial technology, freight forwarding, government technology, higher education, indicator, information technology, install, inventory management, iot security, it infrastructure, jackpot panda, k-12 education, kaiji, kaiji botnet, keenadu, linux, logistics technology, loki, macos, malicious powershell activity, malware, minocat, nation-state activity, network probing, noodle rat, payment processing, powershell, prc, public administration, public infrastructure, public policy, ransomware, rce, react, react2shell, reconnaissance, regulatory agencies, remote access, researched, retail trade, root, rsc, russia, rust, scripting attacks, services, shell, shipping services, sliver, software development, software exploitation, supply chain attack, supply chain management, systemd, t1003, t1027, t1053, t1059, t1059.001, t1059.006, t1071.001, t1078, t1086, t1105, t1133, t1190, t1203, t1204.002, t1496, t1499.002, t1499.003, t1566, t1569.002, t1595.001, t1595.002, t1595.003, t1619, tactical rmm, team, threat actor, tor node, transparent tribe, transportation management, unc5174, upx, uxxxxxx, vshell, vulnerability scan, warehouse operations, wealth management, website defacement, xmrig, xmrig http, xmrig miner, xmrig mining, zinfoq

Activity Timeline

1 observation in total, on May 30.
Threat Activity Heatmap

Peak: 2026-05-30. The twelve-month heatmap shows a single active day; every other day is empty.

Observation counts by window:
24h: 0 (dormant)
7d: 0 (dormant)
30d: 1 (minimal)
3mo: 1 (minimal)
Threat Score: 97 (High Risk) · Signal score 97 · Confidence 97% · 6 reports · First seen Dec 10, 2025 · Last seen May 30, 2026
Verified IOC

VirusTotal: not checked
WHOIS

description: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header

references:
https://blogs.jpcert.or.jp/en/2026/02/multiple-threat-actors-rapidly-exploit-react2shell-a-case-study-of-active-compromise.html
IOCs2.csv
https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/
https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/
https://bi.zone/expertise/blog/zloumyshlenniki-ekspluatiruyut-uyazvimost-cve-2025-55182-v-atakakh-na-rossiyskie-kompanii/
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/25/l/cve-2025-55182-analysis-poc-itw/CVE-2025-55182-combined-IOCs-F.txt
https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182
https://info.greynoise.io/hubfs/At-The-Edge/Weekly-Intelligence-Brief-120825.pdf
https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive
https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/
https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell
https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far
https://www.cve.org/CVERecord?id=CVE-2025-55182
https://nvd.nist.gov/vuln/detail/CVE-2025-55182
https://corelight.com/blog/react2shell
Book1.csv
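The description above is file(1)-style output: it records the ELF class, byte order, type, machine, the absence of a dynamic loader request (statically linked) and the absence of a section header table, which is what packers such as UPX (listed among the tags) leave behind. The following added example, written for this page and not code from IOC Radar or from any of the referenced reports, reproduces those checks from the raw ELF64 header and program headers, hashes the file, and compares the MD5 against the page's value. The sample image it triages is constructed inline (a bare header with one PT_LOAD segment), so `matches_ioc` is false for it; the helper names and the constructed image are assumptions of the example.

```python
import hashlib
import struct

# MD5 listed on the IOC page for the sample.
IOC_MD5 = "393488e94b169b59d5ce6096dccedeb7"

# ELF constants from the ELF64 specification.
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ET_EXEC = 2
EM_X86_64 = 62
PT_LOAD = 1
PT_INTERP = 3
EHDR_FMT = "<HHIQQQIHHHHHH"   # Elf64_Ehdr after the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"        # Elf64_Phdr (56 bytes)


def parse_elf64(data: bytes) -> dict:
    """Recover the attributes behind the page's file(1)-style description:
    class, byte order, type, machine, static vs. dynamic linking, and
    whether a section header table is present."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only ELF64 little-endian is handled here")
    (e_type, e_machine, _e_version, e_entry, e_phoff, e_shoff, _e_flags,
     _e_ehsize, e_phentsize, e_phnum, _e_shentsize, e_shnum,
     _e_shstrndx) = struct.unpack_from(EHDR_FMT, data, 16)
    # A PT_INTERP segment names the dynamic loader; its absence is what
    # file(1) reports as "statically linked".
    has_interp = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + struct.calcsize(PHDR_FMT) > len(data):
            break
        if struct.unpack_from("<I", data, off)[0] == PT_INTERP:
            has_interp = True
    return {
        "elf_class": "64-bit",
        "byte_order": "LSB",
        "type": "executable" if e_type == ET_EXEC else f"e_type={e_type}",
        "machine": "x86-64" if e_machine == EM_X86_64 else f"e_machine={e_machine}",
        "entry": e_entry,
        "statically_linked": not has_interp,
        # Packers such as UPX drop the section header table, leaving
        # e_shoff and e_shnum zero in the output image.
        "has_section_headers": e_shoff != 0 and e_shnum != 0,
    }


def describe(info: dict) -> str:
    """Render the parsed attributes in the wording file(1) uses."""
    parts = [f"ELF {info['elf_class']} {info['byte_order']} {info['type']}",
             info["machine"],
             "statically linked" if info["statically_linked"] else "dynamically linked"]
    if not info["has_section_headers"]:
        parts.append("no section header")
    return ", ".join(parts)


def triage(data: bytes, ioc_md5: str = IOC_MD5) -> dict:
    """Hash the image, compare with the page's MD5 and parse its header.
    MD5 is only a lookup key: record SHA-256 alongside it, since MD5
    collisions are practical and a match proves little on its own."""
    info = parse_elf64(data)
    info["md5"] = hashlib.md5(data).hexdigest()
    info["sha256"] = hashlib.sha256(data).hexdigest()
    info["matches_ioc"] = info["md5"] == ioc_md5.lower()
    info["description"] = describe(info)
    return info


def build_sample_elf(strip_sections: bool, dynamic: bool) -> bytes:
    """Constructed test image (not the real sample): a minimal ELF64 x86-64
    header with one PT_LOAD segment and, if dynamic, a PT_INTERP segment."""
    phdrs = [struct.pack(PHDR_FMT, PT_LOAD, 5, 0, 0x400000, 0x400000,
                         0x1000, 0x1000, 0x1000)]
    if dynamic:
        phdrs.append(struct.pack(PHDR_FMT, PT_INTERP, 4, 0x200, 0x400200,
                                 0x400200, 28, 28, 1))
    e_shoff, e_shnum, e_shstrndx = (0, 0, 0) if strip_sections else (0x1000, 3, 2)
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    ehdr = e_ident + struct.pack(EHDR_FMT, ET_EXEC, EM_X86_64, 1, 0x401000,
                                 64, e_shoff, 0, 64, 56, len(phdrs), 64,
                                 e_shnum, e_shstrndx)
    return ehdr + b"".join(phdrs)


if __name__ == "__main__":
    for strip, dyn in ((True, False), (False, True)):
        result = triage(build_sample_elf(strip, dyn))
        print(result["description"], "| md5", result["md5"],
              "| matches IOC:", result["matches_ioc"])
```

Run `triage(open(path, "rb").read())` on a real file to get the same attributes the page lists plus both hashes; a header that reads "statically linked, no section header" is consistent with a packed binary but is not proof of malice by itself, which is why the SHA-256 and the source reports matter before acting.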

Export & API

STIX 2.1 bundle · CSV export · permalink
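The page offers this IOC as a STIX 2.1 bundle. The following added example, written for this page and not IOC Radar's own exporter, shows what a consumer-ready bundle for the hash looks like: an Indicator whose pattern matches the MD5, a Sighting carrying the page's first-seen, last-seen and report count, and a structural validator to run before ingesting what a feed hands back. The label and technique subsets are taken from the page's tags; the UUIDv5 namespace for stable object IDs, the helper names and the fixed timestamps are assumptions of the example.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Values carried on the IOC page.
IOC_MD5 = "393488e94b169b59d5ce6096dccedeb7"
FIRST_SEEN = "2025-12-10T00:00:00.000Z"
LAST_SEEN = "2026-05-30T00:00:00.000Z"
CONFIDENCE = 97
REPORT_COUNT = 6
LABELS = ["react2shell", "elf64", "xmrig", "kaiji botnet"]   # subset of page tags
TECHNIQUES = ["T1190", "T1059", "T1105", "T1496"]            # subset of page TTPs

# Design choice for this example: derive UUIDv5 IDs from the STIX 2.1 SCO
# namespace so repeated exports of the same IOC produce the same object IDs.
ID_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
COMMON_REQUIRED = ("type", "spec_version", "id", "created", "modified")
ID_RE = re.compile(r"[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")


def stix_timestamp(dt=None) -> str:
    """RFC 3339 UTC timestamp with millisecond precision, as STIX expects."""
    dt = dt or datetime.now(timezone.utc)
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def stable_id(obj_type: str, key: str) -> str:
    return f"{obj_type}--{uuid.uuid5(ID_NAMESPACE, key)}"


def make_indicator(md5, first_seen, confidence, labels, techniques, ts=None):
    """Indicator SDO whose STIX pattern matches a file by MD5."""
    if not re.fullmatch(r"[0-9a-f]{32}", md5):
        raise ValueError("expected a lowercase 32-hex-digit MD5")
    ts = ts or stix_timestamp()
    pattern = f"[file:hashes.MD5 = '{md5}']"
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": stable_id("indicator", pattern),
        "created": ts,
        "modified": ts,
        "name": f"Malicious ELF sample MD5 {md5}",
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": first_seen,
        "confidence": confidence,
        "labels": list(labels),
        # ATT&CK technique pages follow https://attack.mitre.org/techniques/Txxxx/yyy/
        "external_references": [
            {"source_name": "mitre-attack", "external_id": t,
             "url": f"https://attack.mitre.org/techniques/{t.replace('.', '/')}/"}
            for t in techniques],
    }


def make_sighting(indicator_id, first_seen, last_seen, count, ts=None):
    """Sighting SRO recording how often and when the indicator was reported."""
    ts = ts or stix_timestamp()
    return {
        "type": "sighting", "spec_version": "2.1",
        "id": stable_id("sighting", f"{indicator_id}|{first_seen}|{last_seen}"),
        "created": ts, "modified": ts,
        "sighting_of_ref": indicator_id,
        "first_seen": first_seen, "last_seen": last_seen, "count": count,
    }


def make_bundle(objects):
    # STIX 2.1 bundles carry no spec_version; the objects do.
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


def validate(obj) -> list:
    """Minimal structural checks a consumer should run before ingesting."""
    problems = [f"missing {k}" for k in COMMON_REQUIRED if k not in obj]
    if not ID_RE.fullmatch(obj.get("id", "")):
        problems.append("bad id")
    if obj.get("type") == "indicator":
        problems += [f"missing {k}" for k in ("pattern", "pattern_type", "valid_from") if k not in obj]
    conf = obj.get("confidence")
    if conf is not None and not 0 <= conf <= 100:
        problems.append("confidence out of range")
    return problems


def md5_from_pattern(pattern):
    """Pull the hash back out of an MD5 file pattern, or None if it is not one."""
    m = re.fullmatch(r"\[file:hashes\.MD5 = '([0-9a-f]{32})'\]", pattern)
    return m.group(1) if m else None


if __name__ == "__main__":
    ind = make_indicator(IOC_MD5, FIRST_SEEN, CONFIDENCE, LABELS, TECHNIQUES)
    sight = make_sighting(ind["id"], FIRST_SEEN, LAST_SEEN, REPORT_COUNT)
    print(json.dumps(make_bundle([ind, sight]), indent=2))
```

The confidence property is carried through as the page gives it (an integer 0 to 100, which is the STIX 2.1 scale), so downstream consumers see the same heuristic score the page warns about rather than a silently upgraded one.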

IOC Journey

Confidence: high · First detected 6 months ago · Last seen 16 days ago · Appeared in 6 threat reports