Sample update from #93

2026-06-16 12:30:35 +00:00 · 2025-05-15 17:55:25 +02:00
parent cad03dc3b4
commit a31cc18dc5
1 changed files with 16 additions and 0 deletions
--- a/definitions/patterns_raw.txt
+++ b/definitions/patterns_raw.txt
@@ -22,6 +22,9 @@ SHELL_PASSWORD
 ConnectBackShell
 ShellBOT
 == "bindshell"
+".\x00..\x20"
+FM_SESSION_ID
+HACKED BY

 #Remote Code
 curl_get_from_webpage
@@ -208,6 +211,12 @@ http://www.fopo.com.ar/
 ";eval(
 eval(eval(
@eval(`
+convert_uudecode(convert_uuencode
+"64_decode"
+'f' . 'il' . 'e' . '_'
+'co' . 'nt' . 'e' . 'nt'
+'h' . 'tm' . 'l' . 'sp'
+'ha' . 'r' . 's'

 #Malware/Attack specific strings/fingerprints/signatures
 MagelangCyber
@@ -266,6 +275,12 @@ smisbot
 smotherbot
 Indonesian Hacker Rulez
 pwetan.com
+iNHUMaN
+Heartzz
+Bye Bye Litespeed
+BunnyInvisible
+SEMOGABERKAH
+BUTERFLYCOUNTRY

 # WP-VCD Malware https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/
 wp-vcd
@@ -363,6 +378,7 @@ php_uname()
 str_split(rawurldecode(str_rot13(
 # generating PHP file name to put content
 substr(md5(time()), 0, 8) . ".php"
+'a:1:{s:13:\"administrator\";b:1;}'

 # webshell
 0byt3m1n1