diff options
| -rw-r--r-- | php-malware-finder/common.yar | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar index d3ed3c2..ae2b784 100644 --- a/php-malware-finder/common.yar +++ b/php-malware-finder/common.yar | |||
| @@ -12,14 +12,14 @@ rule CloudFlareBypass | |||
| 12 | private rule IRC | 12 | private rule IRC |
| 13 | { | 13 | { |
| 14 | strings: | 14 | strings: |
| 15 | $ = "USER" fullword | 15 | $ = "USER" fullword nocase |
| 16 | $ = "PASS" fullword | 16 | $ = "PASS" fullword nocase |
| 17 | $ = "PRIVMSG" fullword | 17 | $ = "PRIVMSG" fullword nocase |
| 18 | $ = "MODE" fullword | 18 | $ = "MODE" fullword nocase |
| 19 | $ = "PING" fullword | 19 | $ = "PING" fullword nocase |
| 20 | $ = "PONG" fullword | 20 | $ = "PONG" fullword nocase |
| 21 | $ = "JOIN" fullword | 21 | $ = "JOIN" fullword nocase |
| 22 | $ = "PART" fullword | 22 | $ = "PART" fullword nocase |
| 23 | 23 | ||
| 24 | condition: | 24 | condition: |
| 25 | 5 of them | 25 | 5 of them |
