1 files changed, 8 insertions, 8 deletions
diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar
index d3ed3c2..ae2b784 100644
--- a/php-malware-finder/common.yar
+++ b/php-malware-finder/common.yar
@@ -12,14 +12,14 @@ rule CloudFlareBypass
 private rule IRC
 {
    strings:
-        $ = "USER" fullword
+        $ = "USER" fullword nocase
-        $ = "PASS" fullword
+        $ = "PASS" fullword nocase
-        $ = "PRIVMSG" fullword
+        $ = "PRIVMSG" fullword nocase
-        $ = "MODE" fullword
+        $ = "MODE" fullword nocase
-        $ = "PING" fullword
+        $ = "PING" fullword nocase
-        $ = "PONG" fullword
+        $ = "PONG" fullword nocase
-        $ = "JOIN" fullword
+        $ = "JOIN" fullword nocase
-        $ = "PART" fullword
+        $ = "PART" fullword nocase
    condition:
        5 of them

diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar index d3ed3c2..ae2b784 100644 --- a/php-malware-finder/common.yar +++ b/php-malware-finder/common.yar
@@ -12,14 +12,14 @@ rule CloudFlareBypass
12	private rule IRC	12	private rule IRC
13	{	13	{
14	strings:	14	strings:
15	$ = "USER" fullword	15	$ = "USER" fullword nocase
16	$ = "PASS" fullword	16	$ = "PASS" fullword nocase
17	$ = "PRIVMSG" fullword	17	$ = "PRIVMSG" fullword nocase
18	$ = "MODE" fullword	18	$ = "MODE" fullword nocase
19	$ = "PING" fullword	19	$ = "PING" fullword nocase
20	$ = "PONG" fullword	20	$ = "PONG" fullword nocase
21	$ = "JOIN" fullword	21	$ = "JOIN" fullword nocase
22	$ = "PART" fullword	22	$ = "PART" fullword nocase
23		23
24	condition:	24	condition:
25	5 of them	25	5 of them