Trusted Design

Backdoor in Wordpress plugin

概要

Custom Content Type Manager (CCTM) is a relatively popular plugin with three years of development, 10,000+ active installs, and a satisfaction rating of 4.8. It helps create custom post types. Website owners find the classical “blog format” too restrictive, use the plugin to add custom elements to their posts. So far so good. It looked like a typical backdoor that could be uploaded anywhere on a compromised server, not just in this particular plugin. We decided to check the original plugin package and, to our surprise, found the file in the source! We also discovered that we were not the only ones that found this file (although people on the forum seemed to believe that the file was just “vulnerable”). This really was worth investigating.

Created: 2026-02-23

Indicators

類似Pulses

Chinese threat actor - Wordpress exploits and PHP file dropper (score: 0.58)
Evolution of Pseudo Darkleech (score: 0.56)
WordPress Compromise Campaign (score: 0.56)
Exploring CVE-2015-2545 and its users (score: 0.55)
Suspicious IP addresses (score: 0.55)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 13.12

Matched TTPs:

T1053.007 - Container Orchestration Job
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package
T1126 - Network Share Connection Removal

MITREへのリンク →

Mustang Panda

Score: 6.47

Matched TTPs:

T1053.007 - Container Orchestration Job
T1548.006 - TCC Manipulation

MITREへのリンク →

APT41

Score: 11.46

Matched TTPs:

T1560.003 - Archive via Custom Method
T1048 - Exfiltration Over Alternative Protocol
T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Scattered Spider

Score: 9.47

Matched TTPs:

T1560.003 - Archive via Custom Method
T1498 - Network Denial of Service
T1548.006 - TCC Manipulation

MITREへのリンク →

TA505

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Volt Typhoon

Score: 8.46

Matched TTPs:

T1560.003 - Archive via Custom Method
T1546.016 - Installer Packages
T1548.006 - TCC Manipulation

MITREへのリンク →

APT3

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

FIN13

Score: 5.63

Matched TTPs:

T1560.003 - Archive via Custom Method
T1548.006 - TCC Manipulation

MITREへのリンク →

Contagious Interview

Score: 7.69

Matched TTPs:

T1562.010 - Downgrade Attack
T1126 - Network Share Connection Removal

MITREへのリンク →

BlackByte

Score: 6.24

Matched TTPs:

T1562.010 - Downgrade Attack
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Gamaredon Group

Score: 9.39

Matched TTPs:

T1562.010 - Downgrade Attack
T1547.002 - Authentication Package
T1546.017 - Udev Rules

MITREへのリンク →

OilRig

Score: 7.98

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol
T1592.002 - Software

MITREへのリンク →

Dark Caracal

Score: 5.20

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol
T1059.012 - Hypervisor CLI

MITREへのリンク →

Silence

Score: 5.84

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT38

Score: 7.60

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol
T1059.012 - Hypervisor CLI
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Blue Mockingbird

Score: 5.14

Matched TTPs:

T1027.014 - Polymorphic Code
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Leviathan

Score: 10.50

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1546.017 - Udev Rules

MITREへのリンク →

APT32

Score: 6.91

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT37

Score: 4.16

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI

MITREへのリンク →

Lazarus Group

Score: 7.00

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

APT39

Score: 4.80

Matched TTPs:

T1547.002 - Authentication Package
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Magic Hound

Score: 4.16

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI

MITREへのリンク →

Turla

Score: 7.00

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

FIN7

Score: 4.80

Matched TTPs:

T1547.002 - Authentication Package
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Sandworm Team

Score: 7.57

Matched TTPs:

T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1548.006 - TCC Manipulation

MITREへのリンク →

APT28

Score: 6.50

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1548.006 - TCC Manipulation

MITREへのリンク →

Earth Lusca

Score: 4.60

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Dragonfly

Score: 6.94

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1548.006 - TCC Manipulation

MITREへのリンク →

Threat Group-3390

Score: 4.92

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.017 - Udev Rules

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Indrik Spider

Score: 6.68

Matched TTPs:

T1498 - Network Denial of Service
T1546.016 - Installer Packages

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1498 - Network Denial of Service

MITREへのリンク →

Moonstone Sleet

Score: 6.24

Matched TTPs:

T1126 - Network Share Connection Removal
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN6

Score: 4.74

Matched TTPs:

T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Chimera

Score: 4.74

Matched TTPs:

T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Medusa Group

Score: 4.74

Matched TTPs:

T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Wizard Spider

Score: 4.74

Matched TTPs:

T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Ke3chang

Score: 4.74

Matched TTPs:

T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Higaisa

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.76

Matched TTPs:

T1547.002 - Authentication Package
T1126 - Network Share Connection Removal
T1027.014 - Polymorphic Code
T1053.007 - Container Orchestration Job

MITREへのリンク →

APT41

Score: 0.71

Matched TTPs:

T1548.006 - TCC Manipulation
T1048 - Exfiltration Over Alternative Protocol
T1027.007 - Dynamic API Resolution
T1560.003 - Archive via Custom Method

MITREへのリンク →

Leviathan

Score: 0.63

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.014 - Polymorphic Code
T1546.017 - Udev Rules

MITREへのリンク →

Scattered Spider

Score: 0.59

Matched TTPs:

T1548.006 - TCC Manipulation
T1498 - Network Denial of Service
T1560.003 - Archive via Custom Method

MITREへのリンク →

Gamaredon Group

Score: 0.57

Matched TTPs:

T1562.010 - Downgrade Attack
T1547.002 - Authentication Package
T1546.017 - Udev Rules

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る