RST TI Report Digest: 29 Dec 2025
ID: e6042c03-c20d-5993-bbdd-07a5b9ac84a1
STIX ID: report--e6042c03-c20d-5993-bbdd-07a5b9ac84a1
Feed Name: RST Cloud Blog
This report documents active exploitation of CVE-2025-55182 in the React2Shell framework against Russian companies, where attackers deploy XMRig cryptocurrency miners, backdoors (including EtherRAT), Cobalt Strike Unix payloads, Tactical RMM agents, and botnet/flooding tools; the publication provides extensive IOCs (IPs, domains, URLs, and numerous SHA-256 hashes) to support detection and response.
