Wordfence Weekly October 02 2019

April 10, 2017

Wordfence Weekly October 02 2019 – October 08 2019

A weekly report of noteworthy threat data by the Defiant threat intelligence team.

Name: Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored XSS
Description: Unauthenticated attackers can inject XSS payloads into the administrator dashboard of affected sites.
Type: A7 – Cross-Site Scripting (XSS)

Malware samples identified on the greatest count of newly infected sites.

MD5	Signature	Description	Example File Names
CEC9A529B43D84F0A0E3624372CD9C51	Backdoor:PHP/WP-VCD.5409	Infected core file, triggers execution of another malicious script.	post.php
6AF2FE6DF46DD2BBC5B2FB743117C2A4	Spam:PHP/oclasinsert.5483	SEO spam code injector.	wp-tmp.php
7D9A88B33CD777B0949A3033512C1D08	Backdoor:PHP/wp-vcd.5476	Backdoor associated with SEO spam injections.	wp-vcd.php
AB5106155B93D614B93086291CA72051	Spam:PHP/oclasinsert.5483	SEO spam code injector.	wp-tmp.php
701CB9E0ACF43569D3C539B073DAAF2F	Spam:PHP/oclasinsert.5483	SEO spam code injector.	wp-tmp.php

Rank	Prev.	IP Address	ASN	Country
1	6	217.182.95.250	16276 (OVH SAS)	FR
2	2	165.227.48.147	14061 (DigitalOcean, LLC)	US
3	9	198.27.69.176	16276 (OVH SAS)	CA
4	—	192.95.14.196	16276 (OVH SAS)	CA
5	—	192.169.159.241	26496 (GoDaddy.com, LLC)	US
6	4	192.99.38.186	16276 (OVH SAS)	CA
7	10	159.203.86.82	14061 (DigitalOcean, LLC)	US
8	1	178.128.193.158	14061 (DigitalOcean, LLC)	DE
9	8	139.59.116.30	14061 (DigitalOcean, LLC)	SG
10	—	157.245.112.139	14061 (DigitalOcean, LLC)	US

Domain Name	Date Added	Current Status	Notes
tds.narod.ru	10/04/2019	Up	Referenced in malware samples.
tdse.com	10/04/2019	Up	Referenced in malware samples.