Following up on an excellent blog post we discovered (linked in thread), we dug a little deeper on a recent #WordPress plugin compromise.
-
Following up on an excellent blog post we discovered (linked in thread), we dug a little deeper on a recent #WordPress plugin compromise. We have more IoCs for you, and what we believe to be a use of the blockchain for an initial access auction for the plugin install base.
-
M mttaggart@infosec.exchange shared this topic
-
Following up on an excellent blog post we discovered (linked in thread), we dug a little deeper on a recent #WordPress plugin compromise. We have more IoCs for you, and what we believe to be a use of the blockchain for an initial access auction for the plugin install base.
@ifin one thing I’m interested in is the Ethereum API or RPC endpoint the malware is using for the Etherhiding. My theory is that these threat actors use the same handful of endpoints and I want to make their lives harder by blocking those endpoints cc: @mttaggart
-
@ifin one thing I’m interested in is the Ethereum API or RPC endpoint the malware is using for the Etherhiding. My theory is that these threat actors use the same handful of endpoints and I want to make their lives harder by blocking those endpoints cc: @mttaggart
@deepthoughts10 @ifin The second stage did indeed have a handful of crypto exchanges it would try to hit. No reason not to block them all in an enterprise environment, imo.
-
@deepthoughts10 @ifin The second stage did indeed have a handful of crypto exchanges it would try to hit. No reason not to block them all in an enterprise environment, imo.
@mttaggart @ifin can you share the URLs that were involved?
