Pulse Detail — Threat Intelligence

PULSE NAME

New Wave of Infections Impersonates WordPress Plugins

WHITE SocGholish AlienVault 2024-03-04 Modified: 2024-03-04

IOCs

LOW VOLUME

A recent wave of SocGholish malware infections has been targeting WordPress websites by compromising administrator accounts and uploading fake versions of legitimate plugins containing malicious code. The malware tricks users into downloading remote access trojans leading to ransomware attacks.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1133 T1140 T1190 T1059 T1566 T1078 T1027

MALWARE FAMILIES

SocGholish

Indicators of Compromise (8)

All FileHash-MD5 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	5e6a5a662df24f2fbd4d5e1e17d57144	—	2024-03-04
URL	https://asyncfunctionapi.com/X3NjL4YKuTP4PftiGfN7xFfYJTLQKBzRw2p3K2hpiTD	—	2024-03-04
URL	https://eeatgoodx.com/gSyTvKB9	—	2024-03-04
URL	https://funcallback.com/WyNzslZcNXc4hHNvLCDDiTamINVoxtt-L-d6Ayg3PMl	—	2024-03-04
URL	https://gitbrancher.com/tKWKSumd4TuZvaouP1sbETiHRNvewWvfiQ-HKnAbPX5	—	2024-03-04
domain	eeatgoodx.com	—	2024-03-04
domain	funcallback.com	—	2024-03-04
domain	gitbrancher.com	—	2024-03-04

References (1)

↗ https://blog.sucuri.net/2024/03/new-wave-of-socgholish-infections-impersonates-wordpress-plugins.html