diff --git a/definitions/patterns_raw.txt b/definitions/patterns_raw.txt
index 52f6472..4dbb7b9 100644
--- a/definitions/patterns_raw.txt
+++ b/definitions/patterns_raw.txt
@@ -22,6 +22,9 @@ SHELL_PASSWORD
 ConnectBackShell
 ShellBOT
 == "bindshell"
+".\x00..\x20"
+FM_SESSION_ID
+HACKED BY
 
 #Remote Code
 curl_get_from_webpage
@@ -208,6 +211,12 @@ http://www.fopo.com.ar/
 ";eval(
 eval(eval(
 @eval(`
+convert_uudecode(convert_uuencode
+"64_decode"
+'f' . 'il' . 'e' . '_'
+'co' . 'nt' . 'e' . 'nt'
+'h' . 'tm' . 'l' . 'sp'
+'ha' . 'r' . 's'
 
 #Malware/Attack specific strings/fingerprints/signatures
 MagelangCyber
@@ -266,6 +275,12 @@ smisbot
 smotherbot
 Indonesian Hacker Rulez
 pwetan.com
+iNHUMaN
+Heartzz
+Bye Bye Litespeed
+BunnyInvisible
+SEMOGABERKAH
+BUTERFLYCOUNTRY
 
 # WP-VCD Malware https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/
 wp-vcd
@@ -363,6 +378,7 @@ php_uname()
 str_split(rawurldecode(str_rot13(
 # generating PHP file name to put content
 substr(md5(time()), 0, 8) . ".php"
+'a:1:{s:13:\"administrator\";b:1;}'
 
 # webshell
 0byt3m1n1
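Review bot: The new entry `".\x00..\x20"` in the first hunk carries backslash escape sequences, and so does `'a:1:{s:13:\"administrator\";b:1;}'` in the last hunk; nothing in this diff shows whether patterns_raw.txt entries are compared byte-for-byte or have escapes decoded first, and the two readings match different source text (the PHP literal as typed versus the decoded NUL/space bytes, and the `\"`-escaped form versus the plain serialized string in a single-quoted PHP literal). If entries are literal, the administrator-capability signature only fires on the double-quoted PHP variant, and the single-quoted variant `'a:1:{s:13:"administrator";b:1;}'` is presumably worth adding beside it so a rogue-admin insertion is caught either way. A one-line comment above each of these two entries, e.g. `# literal match: escaped form as it appears inside a double-quoted PHP string`, would settle the question for the next maintainer.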
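Review bot: The concatenation signatures `'f' . 'il' . 'e' . '_'`, `'co' . 'nt' . 'e' . 'nt'`, `'h' . 'tm' . 'l' . 'sp'` and `'ha' . 'r' . 's'` in the second hunk are pinned to one exact spacing around the dot operator and one exact split point, so the same obfuscation written as `'f'.'il'.'e'.'_'` or split differently is not covered; they look lifted from a single sample rather than from the technique. That is an inherent limit of a raw-string list, so if the scanner also maintains a regex-based definition list, a whitespace-tolerant form such as `'f'\s*\.\s*'il'\s*\.\s*'e'\s*\.\s*'_'` would belong there instead. Either way, a short comment above the four fragments naming the family or sample they came from would help whoever triages a hit, since on their own the fragments are not self-explanatory. The same comment could cover `"64_decode"` on the line above them, which is clearly the second half of a split `"base" . "64_decode"` but reads as an odd entry in isolation.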