Add `php://` to the blacklist

author: Julien Voisin 2016-02-12 13:37:56 +0100
committer: Julien Voisin 2016-02-12 15:05:05 +0100
commit: 25cf61765520c340d641081bbb08382e2aec1e28 (patch)
tree: c526a2b95b790e653d1b51bf8f711e1c6fe15cac
parent: 7cd4c1b85b0d24b220b045a269d52b06421449a8 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index b348a81..dc46b24 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -203,6 +203,7 @@ rule DodgyStrings
        $ = "ls -la" fullword
        $ = "meterpreter" fullword"
        $ = "nc -l" fullword
+        $ = "php://"
        $ = "ps -aux" fullword
        $ = "rootkit" fullword nocase
        $ = "slowloris" fullword nocase
author	Julien Voisin	2016-02-12 13:37:56 +0100
committer	Julien Voisin	2016-02-12 15:05:05 +0100
commit	25cf61765520c340d641081bbb08382e2aec1e28 (patch)
tree	c526a2b95b790e653d1b51bf8f711e1c6fe15cac
parent	7cd4c1b85b0d24b220b045a269d52b06421449a8 (diff)

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index b348a81..dc46b24 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -203,6 +203,7 @@ rule DodgyStrings
203	$ = "ls -la" fullword	203	$ = "ls -la" fullword
204	$ = "meterpreter" fullword"	204	$ = "meterpreter" fullword"
205	$ = "nc -l" fullword	205	$ = "nc -l" fullword
		206	$ = "php://"
206	$ = "ps -aux" fullword	207	$ = "ps -aux" fullword
207	$ = "rootkit" fullword nocase	208	$ = "rootkit" fullword nocase
208	$ = "slowloris" fullword nocase	209	$ = "slowloris" fullword nocase