authorJulien Voisin2016-02-12 13:37:56 +0100
committerJulien Voisin2016-02-12 15:05:05 +0100
commit25cf61765520c340d641081bbb08382e2aec1e28 (patch)
treec526a2b95b790e653d1b51bf8f711e1c6fe15cac
parent7cd4c1b85b0d24b220b045a269d52b06421449a8 (diff)
Add `php://` to the blacklist
-rw-r--r--php-malware-finder/malwares.yara1
1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index b348a81..dc46b24 100644
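--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -203,6 +203,7 @@ rule DodgyStrings
 $ = "ls -la" fullword
 $ = "meterpreter" fullword"
 $ = "nc -l" fullword
+$ = "php://"
 $ = "ps -aux" fullword
 $ = "rootkit" fullword nocase
 $ = "slowloris" fullword nocase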
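Review bot: The added `$ = "php://"` string matches every use of PHP's stream wrappers, including routine `php://input`, `php://stdin` and `php://output` calls in frameworks and CLI scripts, so DodgyStrings is likely to fire on clean code. The rule's condition lies outside the hunk, so how much a single string hit weighs cannot be judged from here. If the aim is the less common wrappers, a narrower string such as `$ = "php://filter" nocase` would be more precise. `nocase` is worth adding either way, since PHP appears to resolve wrapper scheme names case-insensitively and the neighbouring `rootkit` and `slowloris` strings already use it. Separately, the context line `$ = "meterpreter" fullword"` shows a stray trailing quote; if that is in the file and not a rendering artifact, the rule would fail to compile.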