Rule History

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (dateyourlove .live in TLS SNI)"; flow:established,to_server; tls.sni; dotprefix; content:".dateyourlove.live"; endswith; fast_pattern; reference:url,www.wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins/; classtype:trojan-activity; sid:2054045; rev:3; metadata:attack_target Client_Endpoint, created_at 2024_06_26, deployment Perimeter, deprecation_reason Duplicate, confidence High, signature_severity Major, tag Wordpress, updated_at 2024_06_27;)