PULSE NAME
New Wave of Infections Impersonates WordPress Plugins
WHITE SocGholish AlienVault 2024-03-04 Modified: 2024-03-04
8 IOCs, LOW VOLUME
A recent wave of SocGholish malware infections has been targeting WordPress websites by compromising administrator accounts and uploading fake versions of legitimate plugins that contain malicious code. The malware tricks users into downloading remote access trojans, leading to ransomware attacks.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
SocGholish
Indicators of Compromise (1 / 8 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 5e6a5a662df24f2fbd4d5e1e17d57144 | | 2024-03-04