hashes whitelist updated with wordpress 4.2.3 and 4.4.1 FP

author: Julien "shaddai" Reveret 2016-01-29 10:32:22 +0100
committer: Julien "shaddai" Reveret 2016-01-29 10:55:54 +0100
commit: 539245a12a06763b5d77b9c01a9b3312b8d69f9f (patch)
tree: 2c67430ce513c2cf33224fb42fd9701a80ee2ad2
parent: 3a8a99d99ec250fee9611ae38d6cfde7280fb222 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/php-malware-finder/whitelist.yara b/php-malware-finder/whitelist.yara
index 858860d..a798ee8 100644
--- a/php-malware-finder/whitelist.yara
+++ b/php-malware-finder/whitelist.yara
@@ -6,6 +6,16 @@
 private rule Wordpress : Blog
 {
    condition:
+        /* Wordpress 4.4.1 */
+        hash.sha1(0, filesize)  == "7db1719874b1415e54981c6f1ed698274abffd28" or // wp-includes/formatting.php
+        hash.sha1(0, filesize)  == "ccd23ef96a588840943fba081bfa6f88531c4abc" or // wp-admin/includes/class-pclzip.php
+        /* Wordpress 4.2.3 */
+        hash.sha1(0, filesize)  == "f1c4697ae04da5eb19847c8f1296edce2ad3cec9" or // wp-includes/formatting.php
+        hash.sha1(0, filesize)  == "e7caf1f66c38bb119fe709ade012a989d8610f07" or // wp-admin/includes/class-pclzip.php
+        hash.sha1(0, filesize)  == "8ddb9eff06105b9699c6b03db54472291abcb823" or // wp-includes/taxonomy.php
+        hash.sha1(0, filesize)  == "9dd666651f57ef6e704310fe37ffce7dfd2322e4" or // wp-includes/comment.php
        /* Wordpress 3.5.1 */
        hash.sha1(0, filesize)  == "833281b4d1113180e4d1ca026f5e85a680d52662" or // wp-includes/class-phpmailer.php
        hash.sha1(0, filesize)  == "b4e4b88f2be38ed9c3147b77c2f3a7f929caba2c" or // wp-admin/includes/menu.php
author	Julien "shaddai" Reveret	2016-01-29 10:32:22 +0100
committer	Julien "shaddai" Reveret	2016-01-29 10:55:54 +0100
commit	539245a12a06763b5d77b9c01a9b3312b8d69f9f (patch)
tree	2c67430ce513c2cf33224fb42fd9701a80ee2ad2
parent	3a8a99d99ec250fee9611ae38d6cfde7280fb222 (diff)

diff --git a/php-malware-finder/whitelist.yara b/php-malware-finder/whitelist.yara index 858860d..a798ee8 100644 --- a/php-malware-finder/whitelist.yara +++ b/php-malware-finder/whitelist.yara
@@ -6,6 +6,16 @@
6	private rule Wordpress : Blog	6	private rule Wordpress : Blog
7	{	7	{
8	condition:	8	condition:
		9	/* Wordpress 4.4.1 */
		10	hash.sha1(0, filesize) == "7db1719874b1415e54981c6f1ed698274abffd28" or // wp-includes/formatting.php
		11	hash.sha1(0, filesize) == "ccd23ef96a588840943fba081bfa6f88531c4abc" or // wp-admin/includes/class-pclzip.php
		12
		13	/* Wordpress 4.2.3 */
		14	hash.sha1(0, filesize) == "f1c4697ae04da5eb19847c8f1296edce2ad3cec9" or // wp-includes/formatting.php
		15	hash.sha1(0, filesize) == "e7caf1f66c38bb119fe709ade012a989d8610f07" or // wp-admin/includes/class-pclzip.php
		16	hash.sha1(0, filesize) == "8ddb9eff06105b9699c6b03db54472291abcb823" or // wp-includes/taxonomy.php
		17	hash.sha1(0, filesize) == "9dd666651f57ef6e704310fe37ffce7dfd2322e4" or // wp-includes/comment.php
		18
9	/* Wordpress 3.5.1 */	19	/* Wordpress 3.5.1 */
10	hash.sha1(0, filesize) == "833281b4d1113180e4d1ca026f5e85a680d52662" or // wp-includes/class-phpmailer.php	20	hash.sha1(0, filesize) == "833281b4d1113180e4d1ca026f5e85a680d52662" or // wp-includes/class-phpmailer.php
11	hash.sha1(0, filesize) == "b4e4b88f2be38ed9c3147b77c2f3a7f929caba2c" or // wp-admin/includes/menu.php	21	hash.sha1(0, filesize) == "b4e4b88f2be38ed9c3147b77c2f3a7f929caba2c" or // wp-admin/includes/menu.php