chmod777

author: Julien Voisin 2016-02-12 13:25:48 +0100
committer: Julien Voisin 2016-02-12 15:05:05 +0100
commit: ced28d12fecc276475ec5b98b117c4bd866c99fc (patch)
tree: 98906b5585fb95af14ba58b67a5c9bc3f3e52a30
parent: 5409bc63c57442ace2e9aaa71f43e2d201597927 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/bad_php.yara b/php-malware-finder/bad_php.yara
index e3bdb76..1fb185f 100644
--- a/php-malware-finder/bad_php.yara
+++ b/php-malware-finder/bad_php.yara
@@ -33,6 +33,7 @@ rule Misc
    strings:
        $header_splitting = /header\s*\(.*\$_(GET|POST|REQUEST|COOKIE).*\)/
        $serialize = /unserialize\s*\(.*\)|unserialize_callback_func/
+        $chmod = /chmod\s*(.*777/
    condition:
        any of them
 }
author	Julien Voisin	2016-02-12 13:25:48 +0100
committer	Julien Voisin	2016-02-12 15:05:05 +0100
commit	ced28d12fecc276475ec5b98b117c4bd866c99fc (patch)
tree	98906b5585fb95af14ba58b67a5c9bc3f3e52a30
parent	5409bc63c57442ace2e9aaa71f43e2d201597927 (diff)

diff --git a/php-malware-finder/bad_php.yara b/php-malware-finder/bad_php.yara index e3bdb76..1fb185f 100644 --- a/php-malware-finder/bad_php.yara +++ b/php-malware-finder/bad_php.yara
@@ -33,6 +33,7 @@ rule Misc
33	strings:	33	strings:
34	$header_splitting = /header\s\(.\$_(GET\|POST\|REQUEST\|COOKIE).*\)/	34	$header_splitting = /header\s\(.\$_(GET\|POST\|REQUEST\|COOKIE).*\)/
35	$serialize = /unserialize\s\(.\)\|unserialize_callback_func/	35	$serialize = /unserialize\s\(.\)\|unserialize_callback_func/
		36	$chmod = /chmod\s(.777/
36	condition:	37	condition:
37	any of them	38	any of them
38	}	39	}