Add some sql keywords (xp_*)

author: Julien Voisin 2016-02-17 10:46:25 +0100
committer: Julien Voisin 2016-02-17 10:46:25 +0100
commit: ff2443d4ee9a94163898dce91ff575cd77407991 (patch)
tree: 042c0a592d62b59fa8556831cb9b9aeba9f12749
parent: 290e69de7040158cd7018535b609a375d4e9b347 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 2384f05..1a4b940 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -224,6 +224,7 @@ rule DodgyStrings
        $ = /(reverse|web)\s*shell/ nocase
        $ = /\/bin\/(ba)?sh/ fullword
        $ = /hack(ing|er)/ nocase
+        $ = /xp_(execresultset|regenumkeys|cmdshell|filelist)/
        $vbs = /language\s*=\s*vbscript/ nocase
        $asp = "scripting.filesystemobject" nocase
author	Julien Voisin	2016-02-17 10:46:25 +0100
committer	Julien Voisin	2016-02-17 10:46:25 +0100
commit	ff2443d4ee9a94163898dce91ff575cd77407991 (patch)
tree	042c0a592d62b59fa8556831cb9b9aeba9f12749
parent	290e69de7040158cd7018535b609a375d4e9b347 (diff)

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index 2384f05..1a4b940 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -224,6 +224,7 @@ rule DodgyStrings
224	$ = /(reverse\|web)\s*shell/ nocase	224	$ = /(reverse\|web)\s*shell/ nocase
225	$ = /\/bin\/(ba)?sh/ fullword	225	$ = /\/bin\/(ba)?sh/ fullword
226	$ = /hack(ing\|er)/ nocase	226	$ = /hack(ing\|er)/ nocase
		227	$ = /xp_(execresultset\|regenumkeys\|cmdshell\|filelist)/
227		228
228	$vbs = /language\s=\svbscript/ nocase	229	$vbs = /language\s=\svbscript/ nocase
229	$asp = "scripting.filesystemobject" nocase	230	$asp = "scripting.filesystemobject" nocase