Wordfence Weekly October 30 2019 – November 05 2019

A weekly report of noteworthy threat data by the Defiant threat intelligence team.

Most Common New Infections

Malware samples identified on the greatest count of newly infected sites.

| MD5 | Signature | Description | Example File Names |
|---|---|---|---|
| CEC9A529B43D84F0A0E3624372CD9C51 | Backdoor:PHP/WP-VCD.5409 | Infected core file, triggers execution of another malicious script. | post.php |
| 620C296D324E5825089EC1A46862AB8B | Backdoor:PHP/wp-vcd.5476 | Backdoor associated with SEO spam injections. | wp-vcd.php |
| 87A7E0017D5672E441F5F9A717A52CC8 | Spam:PHP/WP-VCD.5483 | Backdoor associated with SEO spam injections. | wp-tmp.php |
| 80244EB33E847CB91CBEEEAC599755B4 | Backdoor:PHP/wp-vcd.5476 | Backdoor associated with SEO spam injections. | wp-vcd.php |
| 380FA777B8C37FB60811E5972391261B | Suspicious:PHP/eval_b64.1 | WebShellOrb PHP webshell | .colors-rtl.php, .lapan.php, .wp-cli.php, and others |

IPs Attacking Most Sites

| Rank | Prev. | IP Address | ASN | Country |
|---|---|---|---|---|
| 1 | | | 16276 (OVH SAS) | United Kingdom GB |
| 2 | | | 16276 (OVH SAS) | Canada CA |
| 3 | | | 9002 (RETN Limited) | Russia RU |
| 4 | | | 50297 (Infium, UAB) | Ukraine UA |
| 5 | | | 8075 (Microsoft Corporation) | Japan JP |
| 6 | | | 40244 (Turnkey Internet Inc.) | United States US |
| 7 | | | 134762 (CHINANET Sichuan province Chengdu MAN network) | China CN |
| 8 | 5 | | 8075 (Microsoft Corporation) | United States US |
| 9 | | | 4134 (No.31,Jin-rong Street) | China CN |
| 10 | | | 20860 (Iomart Cloud Services Limited) | United Kingdom GB |

New Tracked Domains

| Domain Name | Date Added | Current Status | Notes |
|---|---|---|---|
| top.beforwardplay.com | 10/30/2019 | Up | Referenced in malware samples. |
| mypharmwebmart.su | 11/04/2019 | Up | Associated with hardcoded redirects. |
