Full Report
2025-06-12 • Infoblox • Infoblox Threat Intelligence Group • php.dollyway
Analysis Summary
The provided article description is extremely brief: it contains only metadata (title, author, source) and links to external resources ("Inventory," "Statistics," etc.). It does **not** contain enough narrative content to describe the threat actor's identity, campaigns, TTPs, targeting, or motivations.
The summary below therefore reflects only the minimal information that can be discerned from the title and source metadata.
# Threat Actor: Unspecified WordPress Hackers / Adtech Cabal
## Attribution & Identity
The actor is referenced in the context of an "eerie relationship between WordPress hackers and an Adtech Cabal." Specific attribution or naming of the primary threat actor is not detailed in the description. The analysis originates from the Infoblox Threat Intelligence Group.
## Activity Summary
The article focuses on investigating a relationship or synergy between actors targeting WordPress installations and a cabal operating within the AdTech space. No specific historical campaigns are detailed in the provided context.
## Tactics, Techniques & Procedures
- TTPs are not specified in the provided description.
- MITRE ATT&CK IDs are not present.
## Targeting
- Sectors: Implied targeting includes websites running WordPress and entities within the AdTech sector.
- Geography: Not specified.
- Victims: Not specified.
## Tools & Infrastructure
- Malware families used: **php.dollyway** is cross-referenced, suggesting it is a tool associated with this activity.
- Infrastructure (C2, domains, IPs): Not specified; the description provides no URLs or IP addresses.
## Implications
The threat lies in the potential collaboration between opportunistic website compromise actors (WordPress hackers) and a more established or focused operational group within the AdTech sector, suggesting potential pathways for financial fraud or high-volume monetization of compromised WordPress sites.
## Mitigations
- Maintain security updates for WordPress installations.
- Monitor WordPress installations for signs of compromise, such as PHP backdoors or web shells.