From 7e280b341566f27b4612db70df6f5ecb825354bf Mon Sep 17 00:00:00 2001
From: Julien (jvoisin) Voisin
Date: Wed, 11 May 2016 13:22:32 +0200
Subject: Add a string entry for visbot
---
 php-malware-finder/common.yar | 1 +
 1 file changed, 1 insertion(+)
diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar
index ff0c988..3c4bd64 100644
--- a/php-malware-finder/common.yar
+++ b/php-malware-finder/common.yar
@@ -101,6 +101,7 @@ rule DodgyStrings
 $ = "suhosin.executor.func.blacklist"
 $ = "sun-tzu" fullword nocase // Because quotes from the Art of War is mandatory for any cool webshell.
 $ = "uname -a" fullword
+ $ = "visbot" nocase fullword
 $ = "warez" fullword nocase
 $ = "whoami" fullword
 $ = /(reverse|web|cmd)\s*shell/ nocase
-- 
cgit v1.3
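Review bot: The added `"visbot"` string has no comment saying what it identifies, so an analyst triaging a DodgyStrings hit cannot tell why the token is considered suspicious; the `sun-tzu` entry two lines above shows the file already annotates entries inline. A trailing comment would cover it, for example `$ = "visbot" nocase fullword // Visbot malware marker, see <reference to sample or write-up>`, with the reference filled in by the author. With `nocase fullword` the token also matches any file that merely names it as a standalone word, such as a user-agent blocklist or a cleanup script, so a benign sample in the false-positive test set would be worth adding alongside it. The rule's condition lies outside this hunk, so how much weight a single string hit carries cannot be judged from here.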