Wordfence Weekly October 02 2019 – October 08 2019
A weekly report of noteworthy threat data by the Defiant threat intelligence team.
Notable Vulnerabilities
Name: Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored XSS
Description: Unauthenticated attackers can inject XSS payloads into the administrator dashboard of affected sites.
Type: A7 – Cross-Site Scripting (XSS)
Most Common New Infections
Malware samples identified on the largest number of newly infected sites.
MD5 | Signature | Description | Example File Names |
---|---|---|---|
CEC9A529B43D84F0A0E3624372CD9C51 | Backdoor:PHP/WP-VCD.5409 | Infected core file, triggers execution of another malicious script. | post.php |
6AF2FE6DF46DD2BBC5B2FB743117C2A4 | Spam:PHP/oclasinsert.5483 | SEO spam code injector. | wp-tmp.php |
7D9A88B33CD777B0949A3033512C1D08 | Backdoor:PHP/wp-vcd.5476 | Backdoor associated with SEO spam injections. | wp-vcd.php |
AB5106155B93D614B93086291CA72051 | Spam:PHP/oclasinsert.5483 | SEO spam code injector. | wp-tmp.php |
701CB9E0ACF43569D3C539B073DAAF2F | Spam:PHP/oclasinsert.5483 | SEO spam code injector. | wp-tmp.php |
IPs Attacking Most Sites
Rank | Prev. | IP Address | ASN | Country |
---|---|---|---|---|
1 | 6 | 217.182.95.250 | 16276 (OVH SAS) | FR |
2 | 2 | 165.227.48.147 | 14061 (DigitalOcean, LLC) | US |
3 | 9 | 198.27.69.176 | 16276 (OVH SAS) | CA |
4 | — | 192.95.14.196 | 16276 (OVH SAS) | CA |
5 | — | 192.169.159.241 | 26496 (GoDaddy.com, LLC) | US |
6 | 4 | 192.99.38.186 | 16276 (OVH SAS) | CA |
7 | 10 | 159.203.86.82 | 14061 (DigitalOcean, LLC) | US |
8 | 1 | 178.128.193.158 | 14061 (DigitalOcean, LLC) | DE |
9 | 8 | 139.59.116.30 | 14061 (DigitalOcean, LLC) | SG |
10 | — | 157.245.112.139 | 14061 (DigitalOcean, LLC) | US |
New Tracked Domains
Domain Name | Date Added | Current Status | Notes |
---|---|---|---|
tds.narod.ru | 10/04/2019 | Up | Referenced in malware samples. |
tdse.com | 10/04/2019 | Up | Referenced in malware samples. |