diff options
| -rw-r--r-- | whitelist.yara | 56 |
1 files changed, 55 insertions, 1 deletions
diff --git a/whitelist.yara b/whitelist.yara index ce7bafb..0142a53 100644 --- a/whitelist.yara +++ b/whitelist.yara | |||
| @@ -44,17 +44,71 @@ private rule Magento : ECommerce | |||
| 44 | private rule Drupal : Blog | 44 | private rule Drupal : Blog |
| 45 | { | 45 | { |
| 46 | condition: | 46 | condition: |
| 47 | /* Drupal 7.38 */ | ||
| 48 | hash.sha1(0, filesize) == "ad7587ce735352b6a55526005c05c280e9d41822" or // modules/system/system.admin.inc | ||
| 49 | hash.sha1(0, filesize) == "dfa67a40daeb9c1dd28f3fab00097852243258ed" or // modules/system/system.module | ||
| 50 | |||
| 51 | /* Drupal 7.15 */ | ||
| 47 | hash.sha1(0, filesize) == "23cc0e2c6eebe94fe189e258a3658b40b0005891" or // modules/simpletest/tests/upgrade/drupal-6.bare.database.php | 52 | hash.sha1(0, filesize) == "23cc0e2c6eebe94fe189e258a3658b40b0005891" or // modules/simpletest/tests/upgrade/drupal-6.bare.database.php |
| 48 | hash.sha1(0, filesize) == "8cb36d865b951378c3266dca7d5173a303e8dcff" or // modules/simpletest/tests/upgrade/drupal-6.filled.database.php | 53 | hash.sha1(0, filesize) == "8cb36d865b951378c3266dca7d5173a303e8dcff" or // modules/simpletest/tests/upgrade/drupal-6.filled.database.php |
| 49 | hash.sha1(0, filesize) == "6c9c01bef14f8f64ef0af408f7ed764791531cc6" or // modules/system/system.module | 54 | hash.sha1(0, filesize) == "6c9c01bef14f8f64ef0af408f7ed764791531cc6" or // modules/system/system.module |
| 50 | hash.sha1(0, filesize) == "ad03ed890400cf319f713ee0b4b6a62a5710f580" // modules/system/system.admin.inc | 55 | hash.sha1(0, filesize) == "ad03ed890400cf319f713ee0b4b6a62a5710f580" // modules/system/system.admin.inc |
| 51 | } | 56 | } |
| 52 | 57 | ||
| 58 | private rule Roundcube | ||
| 59 | { | ||
| 60 | condition: | ||
| 61 | /* Roundcube 1.1.2 */ | ||
| 62 | hash.sha1(0, filesize) == "afab52649172b46f64301f41371d346297046af2" or // program/lib/Roundcube/rcube_utils.php | ||
| 63 | hash.sha1(0, filesize) == "e6b81834e081cc2bd38fce787c5088e63d933953" or // program/include/rcmail_output_html.php | ||
| 64 | hash.sha1(0, filesize) == "7783e9fad144ca5292630d459bd86ec5ea5894fc" or // vendor/pear-pear.php.net/Net_LDAP2/Net/LDAP2/Util.php | ||
| 65 | |||
| 66 | /* Roundcube 1.0.6 */ | ||
| 67 | hash.sha1(0, filesize) == "76d55f05f2070f471ba977b5b0f690c91fa8cdab" or // program/lib/Roundcube/rcube_utils.php | ||
| 68 | hash.sha1(0, filesize) == "c68319e3e1adcd3e22cf2338bc79f12fd54f6d4a" // program/include/rcmail_output_html.php | ||
| 69 | } | ||
| 70 | |||
| 71 | private rule Concrete5 | ||
| 72 | { | ||
| 73 | condition: | ||
| 74 | /* concrete5 7.4.2 */ | ||
| 75 | hash.sha1(0, filesize) == "927bbd60554ae0789d4688738b4ae945195a3c1c" or // concrete/vendor/oyejorge/less.php/lib/Less/Tree/Dimension.php | ||
| 76 | hash.sha1(0, filesize) == "67f07022dae5fa39e8a37c09d67cbcb833e10d1f" or // concrete/vendor/oyejorge/less.php/lib/Less/Tree/Unit.php | ||
| 77 | hash.sha1(0, filesize) == "e1dcbc7b05e8ba6cba392f8fd44a3564fcad3666" // concrete/vendor/doctrine/inflector/lib/Doctrine/Common/Inflector/Inflector.php | ||
| 78 | } | ||
| 79 | |||
| 80 | private rule Dotclear : Blog | ||
| 81 | { | ||
| 82 | condition: | ||
| 83 | /* dotclear 2.7.5 */ | ||
| 84 | hash.sha1(0, filesize) == "192126b08c40c5ca086b5e4d7433e982f708baf3" or // inc/public/class.dc.template.php | ||
| 85 | hash.sha1(0, filesize) == "51e6810ccd3773e2bd453e97ccf16059551bae08" or // inc/libs/clearbricks/common/lib.date.php | ||
| 86 | hash.sha1(0, filesize) == "4172e35e7c9ce35de9f56fb8dfebe8d453f0dee4" or // inc/libs/clearbricks/template/class.template.php | ||
| 87 | hash.sha1(0, filesize) == "cf65db6ae55486f51370f87c4653aaed56903ccc" // inc/core/class.dc.modules.php | ||
| 88 | |||
| 89 | } | ||
| 90 | |||
| 91 | private rule Owncloud | ||
| 92 | { | ||
| 93 | condition: | ||
| 94 | /* ownCloud 8.1.0 */ | ||
| 95 | hash.sha1(0, filesize) == "a58489a3d8401295bb09cfbad09486f605625658" or // 3rdparty/phpseclib/phpseclib/phpseclib/Net/SSH1.php | ||
| 96 | hash.sha1(0, filesize) == "463627a4064dc05e93e6f9fc5605d4c8a4e09200" or // 3rdparty/jeremeamia/SuperClosure/src/SerializableClosure.php | ||
| 97 | hash.sha1(0, filesize) == "5346cb6817a75c26a6aad86e0b4ffb1d5145caa5" or // 3rdparty/symfony/process/Symfony/Component/Process/Process.php | ||
| 98 | hash.sha1(0, filesize) == "c8a6d4292448c7996e0092e6bfd38f90c34df090" or // core/doc/admin/_images/oc_admin_app_page.png | ||
| 99 | hash.sha1(0, filesize) == "acc7af31d4067c336937719b9a9ad7ac8497561e" // core/doc/admin/_sources/configuration_server/performance_tuning.txt | ||
| 100 | |||
| 101 | } | ||
| 102 | |||
| 53 | private rule IsWhitelisted | 103 | private rule IsWhitelisted |
| 54 | { | 104 | { |
| 55 | condition: | 105 | condition: |
| 56 | Wordpress or | 106 | Wordpress or |
| 57 | Prestashop or | 107 | Prestashop or |
| 58 | Magento or | 108 | Magento or |
| 59 | Drupal | 109 | Drupal or |
| 110 | Roundcube or | ||
| 111 | Concrete5 or | ||
| 112 | Dotclear or | ||
| 113 | Owncloud | ||
| 60 | } | 114 | } |