Malware
Apr 24, 2026
"The scanner relies on an acquirer file containing targets and a lease file defining the exploit...
Malware scanner exploits CVE-2025-55182 using target feeds from thc.org infrastructure.
Summary
A malware scanner has been discovered leveraging CVE-2025-55182 to target systems. The attack infrastructure uses acquirer and lease configuration files to obtain target lists from ZIP archives hosted on cs2.ip.thc.org, with payloads deployed via compromised or attacker-controlled domains. The campaign demonstrates active exploitation of the vulnerability with organized targeting methodology.
Indicators of Compromise
- domain — cs2.ip.thc.org
- cve — CVE-2025-55182
Entities
- CVE-2025-55182 Scanner Campaign (campaign)
- Malware Scanner with Modular Exploit Framework (technology)