Wordfence Weekly June 26 2019 – July 02 2019

A weekly report of noteworthy threat data by the Defiant threat intelligence team.

Security News

  • Cloudflare outage caused by bad software deploy

    Read Cloudflare’s official response to a series of outages that affected many internet users this week.

  • Magento releases critical security patches

    New security updates were released for the popular ecommerce platform Magento, resolving a number of critical vulnerabilities. Users are advised to update their applications as soon as possible.

Notable Vulnerabilities

No noteworthy WordPress vulnerabilities this week.

Most Common New Infections

Malware samples identified on the greatest number of newly infected sites.

| MD5 | Signature | Description | File Names |
|---|---|---|---|
| C62180F0D626D92E29E83778605DD8BE | Suspicious:PHP/eval_exit.92 | Obfuscated PHP backdoor. | Various .php names like sq.php and wp-cache.php |
| 048648D9755220E727E7E0178837F7BF | Backdoor:PHP/561C.110 | Obfuscated PHP backdoor | amp3.php, sib.php, wpfunck.php |
| 1FDB3383EE4D2217C480EDFF309CCA38 | Backdoor:PHP/WSOShell.255 | Slightly customized WSO webshell. | index.php, e2.php, e8.php |
| 8C9E8184A1523C7286FC11E7DE2EAC55 | Backdoor:PHP/LD_PRELOAD.4426 | PHP script which generates and executes a malicious binary. | wp_form7.php |
| C2CC3D90B67A9D6C7DF738A8CD8661C7 | Suspicious:PHP/eval_exit.92 | Obfuscated PHP backdoor. | Generated names consisting of words and 3-digit numerals like 416.conflicts.php, processor.501.php, accepted.client.php, etc. |

IPs Attacking Most Sites

| Rank | Prev. | IP Address | ASN | Country |
|---|---|---|---|---|
| 1 | | 193.29.13.100 | 42397 (Bunea TELECOM SRL) | Romania RO |
| 2 | 3 | 46.105.127.166 | 16276 (OVH SAS) | France FR |
| 3 | 1 | 46.105.99.163 | 16276 (OVH SAS) | France FR |
| 4 | 2 | 46.105.99.212 | 16276 (OVH SAS) | France FR |
| 5 | | 120.131.12.178 | 59019 (Beijing Kingsoft Cloud Internet Technology Co., Ltd) | China CN |
| 6 | | 142.93.3.219 | 14061 (DigitalOcean, LLC) | United States US |
| 7 | 5 | 5.8.47.2 | 50896 (Trusov Ilya Igorevych) | Poland PL |
| 8 | | 85.214.46.142 | 6724 (Strato AG) | Germany DE |
| 9 | | 81.169.221.186 | 6724 (Strato AG) | Germany DE |
| 10 | | 158.69.162.111 | 16276 (OVH SAS) | Canada CA |

New Tracked Domains

| Domain Name | Date Added | Current Status | Notes |
|---|---|---|---|
| financeleader.co | 07/01/2019 | Up | Associated with JS redirect campaign. |
| afflink.org | 07/01/2019 | Up | Associated with JS redirect campaign. |
| lib0.org | 07/02/2019 | Up | Associated with JS redirect campaign. |
| wp11.org | 07/02/2019 | Up | Associated with JS redirect campaign. |
| 12js.org | 06/27/2019 | Up | Associated with JS redirect campaign. |
| 12lib.org | 06/27/2019 | Up | Associated with JS redirect campaign. |
| 16js.org | 06/27/2019 | Up | Associated with JS redirect campaign. |
| 16lib.org | 06/27/2019 | Up | Associated with JS redirect campaign. |
| fastimage.site | 07/02/2019 | Up | Associated with malvertising campaign. |
| adsfast.site | 07/02/2019 | Up | Associated with malvertising campaign. |
