1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index b348a81..dc46b24 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -203,6 +203,7 @@ rule DodgyStrings
        $ = "ls -la" fullword
        $ = "meterpreter" fullword"
        $ = "nc -l" fullword
+        $ = "php://"
        $ = "ps -aux" fullword
        $ = "rootkit" fullword nocase
        $ = "slowloris" fullword nocase

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index b348a81..dc46b24 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -203,6 +203,7 @@ rule DodgyStrings
203	$ = "ls -la" fullword	203	$ = "ls -la" fullword
204	$ = "meterpreter" fullword"	204	$ = "meterpreter" fullword"
205	$ = "nc -l" fullword	205	$ = "nc -l" fullword
		206	$ = "php://"
206	$ = "ps -aux" fullword	207	$ = "ps -aux" fullword
207	$ = "rootkit" fullword nocase	208	$ = "rootkit" fullword nocase
208	$ = "slowloris" fullword nocase	209	$ = "slowloris" fullword nocase