Versions (4)
Version DetailsCurrent
Rev: 1 • Jun 26, 2024, 12:00 PMET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (online-vip-dating .com in TLS SNI)
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (online-vip-dating .com in TLS SNI)"; flow:established,to_server; tls.sni; dotprefix; content:".online-vip-dating.com"; endswith; fast_pattern; reference:url,www.wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins/; classtype:trojan-activity; sid:2054050; rev:1; metadata:attack_target Client_Endpoint, created_at 2024_06_26, deployment Perimeter, confidence High, signature_severity Major, tag Wordpress, updated_at 2024_06_26, reviewed_at 2025_04_21, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol;)
Jun 26, 2024, 12:00 PM
Jun 26, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-malware.rules