Trusted Design

Backdoor in Wordpress plugin

概要

Custom Content Type Manager (CCTM) is a relatively popular plugin with three years of development, 10,000+ active installs, and a satisfaction rating of 4.8. It helps create custom post types. Website owners find the classical “blog format” too restrictive, use the plugin to add custom elements to their posts. So far so good. It looked like a typical backdoor that could be uploaded anywhere on a compromised server, not just in this particular plugin. We decided to check the original plugin package and, to our surprise, found the file in the source! We also discovered that we were not the only ones that found this file (although people on the forum seemed to believe that the file was just “vulnerable”). This really was worth investigating.

Created: 2026-02-23

Indicators

類似Pulses

Chinese threat actor - Wordpress exploits and PHP file dropper (score: 0.58)
Evolution of Pseudo Darkleech (score: 0.56)
WordPress Compromise Campaign (score: 0.56)
Exploring CVE-2015-2545 and its users (score: 0.55)
Suspicious IP addresses (score: 0.55)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 13.12

Matched TTPs:

T1036.007 - Double File Extension
T1218.010 - Regsvr32
T1102.002 - Bidirectional Communication
T1587 - Develop Capabilities

MITREへのリンク →

Mustang Panda

Score: 6.47

Matched TTPs:

T1036.007 - Double File Extension
T1003.003 - NTDS

MITREへのリンク →

APT41

Score: 11.46

Matched TTPs:

T1069 - Permission Groups Discovery
T1218.001 - Compiled HTML File
T1003.003 - NTDS
T1569.002 - Service Execution

MITREへのリンク →

Scattered Spider

Score: 9.47

Matched TTPs:

T1069 - Permission Groups Discovery
T1136 - Create Account
T1003.003 - NTDS

MITREへのリンク →

TA505

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

Volt Typhoon

Score: 8.46

Matched TTPs:

T1069 - Permission Groups Discovery
T1584.004 - Server
T1003.003 - NTDS

MITREへのリンク →

APT3

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

FIN13

Score: 5.63

Matched TTPs:

T1069 - Permission Groups Discovery
T1003.003 - NTDS

MITREへのリンク →

Contagious Interview

Score: 7.69

Matched TTPs:

T1480 - Execution Guardrails
T1587 - Develop Capabilities

MITREへのリンク →

BlackByte

Score: 6.24

Matched TTPs:

T1480 - Execution Guardrails
T1569.002 - Service Execution

MITREへのリンク →

Gamaredon Group

Score: 9.39

Matched TTPs:

T1480 - Execution Guardrails
T1102.002 - Bidirectional Communication
T1027.015 - Compression

MITREへのリンク →

OilRig

Score: 7.98

Matched TTPs:

T1218.001 - Compiled HTML File
T1137.004 - Outlook Home Page

MITREへのリンク →

Dark Caracal

Score: 5.20

Matched TTPs:

T1218.001 - Compiled HTML File
T1189 - Drive-by Compromise

MITREへのリンク →

Silence

Score: 5.84

Matched TTPs:

T1218.001 - Compiled HTML File
T1569.002 - Service Execution

MITREへのリンク →

APT38

Score: 7.60

Matched TTPs:

T1218.001 - Compiled HTML File
T1189 - Drive-by Compromise
T1569.002 - Service Execution

MITREへのリンク →

Blue Mockingbird

Score: 5.14

Matched TTPs:

T1218.010 - Regsvr32
T1569.002 - Service Execution

MITREへのリンク →

Leviathan

Score: 10.50

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1584.004 - Server
T1027.015 - Compression

MITREへのリンク →

APT32

Score: 6.91

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1569.002 - Service Execution

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise

MITREへのリンク →

APT37

Score: 4.16

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise

MITREへのリンク →

Lazarus Group

Score: 7.00

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

APT39

Score: 4.80

Matched TTPs:

T1102.002 - Bidirectional Communication
T1569.002 - Service Execution

MITREへのリンク →

Magic Hound

Score: 4.16

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise

MITREへのリンク →

Turla

Score: 7.00

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

FIN7

Score: 4.80

Matched TTPs:

T1102.002 - Bidirectional Communication
T1569.002 - Service Execution

MITREへのリンク →

Sandworm Team

Score: 7.57

Matched TTPs:

T1102.002 - Bidirectional Communication
T1584.004 - Server
T1003.003 - NTDS

MITREへのリンク →

APT28

Score: 6.50

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1003.003 - NTDS

MITREへのリンク →

Earth Lusca

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Dragonfly

Score: 6.94

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server
T1003.003 - NTDS

MITREへのリンク →

Threat Group-3390

Score: 4.92

Matched TTPs:

T1189 - Drive-by Compromise
T1027.015 - Compression

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Indrik Spider

Score: 6.68

Matched TTPs:

T1136 - Create Account
T1584.004 - Server

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1136 - Create Account

MITREへのリンク →

Moonstone Sleet

Score: 6.24

Matched TTPs:

T1587 - Develop Capabilities
T1569.002 - Service Execution

MITREへのリンク →

FIN6

Score: 4.74

Matched TTPs:

T1003.003 - NTDS
T1569.002 - Service Execution

MITREへのリンク →

Chimera

Score: 4.74

Matched TTPs:

T1003.003 - NTDS
T1569.002 - Service Execution

MITREへのリンク →

Medusa Group

Score: 4.74

Matched TTPs:

T1003.003 - NTDS
T1569.002 - Service Execution

MITREへのリンク →

Wizard Spider

Score: 4.74

Matched TTPs:

T1003.003 - NTDS
T1569.002 - Service Execution

MITREへのリンク →

Ke3chang

Score: 4.74

Matched TTPs:

T1003.003 - NTDS
T1569.002 - Service Execution

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Higaisa

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.76

Matched TTPs:

T1587 - Develop Capabilities
T1218.010 - Regsvr32
T1102.002 - Bidirectional Communication
T1036.007 - Double File Extension

MITREへのリンク →

APT41

Score: 0.71

Matched TTPs:

T1069 - Permission Groups Discovery
T1003.003 - NTDS
T1218.001 - Compiled HTML File
T1569.002 - Service Execution

MITREへのリンク →

Leviathan

Score: 0.63

Matched TTPs:

T1584.004 - Server
T1189 - Drive-by Compromise
T1027.015 - Compression
T1218.010 - Regsvr32

MITREへのリンク →

Scattered Spider

Score: 0.59

Matched TTPs:

T1069 - Permission Groups Discovery
T1136 - Create Account
T1003.003 - NTDS

MITREへのリンク →

Gamaredon Group

Score: 0.57

Matched TTPs:

T1027.015 - Compression
T1102.002 - Bidirectional Communication
T1480 - Execution Guardrails

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る