Trusted Design

Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites

概要

A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In reality, this script loaded a CoinHive cryptocurrency miner from a third-party server. We also mentioned a post written back in April that described the cloudflare.solutions malware, which came along with the cryptominers. At this moment, PublcWWW reports there are 5,482 sites infected with this malware. It seems that this evolving campaign is now adding keyloggers to the mix.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

WordPress Compromise Campaign (score: 0.68)
Compromised Domain Serving Keyloggers (score: 0.66)
KeyBase Keylogger Malware Family Exposed (score: 0.66)
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (score: 0.63)
Compromised Wordpress sites serving multiple malware payloads (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 11.13

Matched TTPs:

T1566.002 - Spearphishing Link
T1491 - Defacement
T1136.002 - Domain Account
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Mustang Panda

Score: 8.56

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1055.005 - Thread Local Storage

MITREへのリンク →

Sandworm Team

Score: 8.05

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1016.002 - Wi-Fi Discovery

MITREへのリンク →

APT32

Score: 15.53

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.004 - Drive-by Target
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI

MITREへのリンク →

Kimsuky

Score: 9.64

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1027.014 - Polymorphic Code

MITREへのリンク →

Magic Hound

Score: 7.85

Matched TTPs:

T1566.002 - Spearphishing Link
T1016.002 - Wi-Fi Discovery
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT28

Score: 7.15

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Star Blizzard

Score: 4.43

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media

MITREへのリンク →

Moonstone Sleet

Score: 7.72

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1491 - Defacement

MITREへのリンク →

CURIUM

Score: 4.22

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dragonfly

Score: 4.22

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI

MITREへのリンク →

Patchwork

Score: 4.22

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI

MITREへのリンク →

RedCurl

Score: 7.75

Matched TTPs:

T1608.004 - Drive-by Target
T1016.002 - Wi-Fi Discovery

MITREへのリンク →

TA2541

Score: 6.89

Matched TTPs:

T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1136.002 - Domain Account

MITREへのリンク →

Earth Lusca

Score: 6.20

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1059.012 - Hypervisor CLI

MITREへのリンク →

LuminousMoth

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

OilRig

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1592.002 - Software

MITREへのリンク →

TeamTNT

Score: 5.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.006 - Kernel Modules and Extensions

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Gamaredon Group

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1684 - Social Engineering

MITREへのリンク →

Threat Group-3390

Score: 3.74

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

TA505

Score: 8.05

Matched TTPs:

T1091 - Replication Through Removable Media
T1016.002 - Wi-Fi Discovery
T1136.002 - Domain Account

MITREへのリンク →

BlackByte

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1684 - Social Engineering

MITREへのリンク →

FIN7

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1011.001 - Exfiltration Over Bluetooth

MITREへのリンク →

APT38

Score: 7.51

Matched TTPs:

T1684 - Social Engineering
T1491 - Defacement
T1059.012 - Hypervisor CLI

MITREへのリンク →

Cobalt Group

Score: 5.20

Matched TTPs:

T1684 - Social Engineering
T1027.014 - Polymorphic Code

MITREへのリンク →

APT37

Score: 4.22

Matched TTPs:

T1684 - Social Engineering
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT5

Score: 5.39

Matched TTPs:

T1684 - Social Engineering
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

PLATINUM

Score: 4.22

Matched TTPs:

T1684 - Social Engineering
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT41

Score: 6.08

Matched TTPs:

T1684 - Social Engineering
T1547.006 - Kernel Modules and Extensions

MITREへのリンク →

Turla

Score: 6.68

Matched TTPs:

T1684 - Social Engineering
T1136.002 - Domain Account
T1059.012 - Hypervisor CLI

MITREへのリンク →

Fox Kitten

Score: 3.29

Matched TTPs:

T1491 - Defacement

MITREへのリンク →

Volt Typhoon

Score: 3.29

Matched TTPs:

T1491 - Defacement

MITREへのリンク →

Chimera

Score: 3.29

Matched TTPs:

T1491 - Defacement

MITREへのリンク →

Winter Vivern

Score: 6.30

Matched TTPs:

T1548 - Abuse Elevation Control Mechanism
T1059.012 - Hypervisor CLI

MITREへのリンク →

LAPSUS$

Score: 5.39

Matched TTPs:

T1136.002 - Domain Account
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

UNC3886

Score: 6.59

Matched TTPs:

T1136.002 - Domain Account
T1547.015 - Login Items

MITREへのリンク →

Andariel

Score: 4.22

Matched TTPs:

T1136.002 - Domain Account
T1059.012 - Hypervisor CLI

MITREへのリンク →

PROMETHIUM

Score: 5.90

Matched TTPs:

T1547.015 - Login Items
T1059.012 - Hypervisor CLI

MITREへのリンク →

Rocke

Score: 3.62

Matched TTPs:

T1547.006 - Kernel Modules and Extensions

MITREへのリンク →

Blue Mockingbird

Score: 6.37

Matched TTPs:

T1547.006 - Kernel Modules and Extensions
T1027.014 - Polymorphic Code

MITREへのリンク →

Storm-0501

Score: 5.67

Matched TTPs:

T1027.014 - Polymorphic Code
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Leviathan

Score: 4.51

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI

MITREへのリンク →

Lazarus Group

Score: 5.90

Matched TTPs:

T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT32

Score: 0.81

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.004 - Drive-by Target
T1091 - Replication Through Removable Media
T1027.014 - Polymorphic Code
T1684 - Social Engineering
T1059.012 - Hypervisor CLI

MITREへのリンク →

Scattered Spider

Score: 0.60

Matched TTPs:

T1491 - Defacement
T1566.002 - Spearphishing Link
T1021.001 - Remote Desktop Protocol
T1136.002 - Domain Account

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る