diff --git a/definitions/patterns_raw.txt b/definitions/patterns_raw.txt index d4b878d..67919b1 100644 --- a/definitions/patterns_raw.txt +++ b/definitions/patterns_raw.txt @@ -261,6 +261,16 @@ tmhapbzcerff IndoXploit FaisaL Ahmed aka rEd X +#Malware/Attack strings +wp-vcd +class.theme-modules.php +file_exists(ABSPATH . 'wp-includes/wp-tmp.php' +tmpcontentx +function wp_temp_setupx +wp-tmp.php +derna.top/code.php +stripos($tmpcontent, $wp_auth_key) +#https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/ #Miscellaneous uname -a @@ -362,4 +372,4 @@ ZeroByte 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116, 40, 39, 115, 99, 114, 105, 112, 116, 39, 41, 59 # JS escaped: String.fromCharCode( -83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 40 \ No newline at end of file +83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 40
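Review bot: The bare `wp-tmp.php` entry in the new "#Malware/Attack strings" group looks like it subsumes the longer `file_exists(ABSPATH . 'wp-includes/wp-tmp.php'` entry above it, assuming raw patterns are matched as literal substrings (the matcher is not visible in this diff), so any file that hits the long form would also hit the short one. Keeping a single path-qualified form such as `wp-includes/wp-tmp.php` would be more specific and avoid the overlap. The short `wp-vcd` entry will probably also match files that only mention the malware by name, such as other scanners' signature lists or cleanup notes, so a comment like `#wp-vcd: name-only match, may hit security tooling; confirm against the entries below` would help whoever triages results. The reference URL would also be easier to find directly under the group heading rather than after the last pattern.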