From c1c71bd9ef015d956c5c932541999de69ac9dde2 Mon Sep 17 00:00:00 2001 From: cconversion <31623303+cconversion@users.noreply.github.com> Date: Mon, 11 Feb 2019 05:53:33 +1100 Subject: [PATCH] Update patterns_raw.txt Added WP-VCD Malware strings --- definitions/patterns_raw.txt | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/definitions/patterns_raw.txt b/definitions/patterns_raw.txt index d4b878d..67919b1 100644 --- a/definitions/patterns_raw.txt +++ b/definitions/patterns_raw.txt @@ -261,6 +261,16 @@ tmhapbzcerff IndoXploit FaisaL Ahmed aka rEd X +#Malware/Attack strings +wp-vcd +class.theme-modules.php +file_exists(ABSPATH . 'wp-includes/wp-tmp.php' +tmpcontentx +function wp_temp_setupx +wp-tmp.php +derna.top/code.php +stripos($tmpcontent, $wp_auth_key) +#https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/ #Miscellaneous uname -a @@ -362,4 +372,4 @@ ZeroByte 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116, 40, 39, 115, 99, 114, 105, 112, 116, 39, 41, 59 # JS escaped: String.fromCharCode( -83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 40 \ No newline at end of file +83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 40
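Review bot: In the new `#Malware/Attack strings` group, `tmpcontentx` and `function wp_temp_setupx` carry a trailing `x` that the `stripos($tmpcontent, $wp_auth_key)` entry added in the same hunk does not, so if the scanner does plain substring matching they will miss samples that use the unsuffixed names; unless the suffixed form is a deliberate variant, I would also add `function wp_temp_setup`. `wp-tmp.php` is already contained in the `file_exists(ABSPATH . 'wp-includes/wp-tmp.php'` entry, and on its own, like the bare `wp-vcd`, it may also match cleanup notes or other scanners' signature files, so the false-positive rate is worth checking against a clean WordPress tree. The entries containing `(`, `$` and `.` only work as intended if these lines are matched literally rather than compiled as regular expressions, which the file name suggests but the hunk does not show. `derna.top/code.php` is a hosting indicator that will go stale sooner than the code-structure strings, so the reference comment would be more useful directly under the group header, with the date the strings were observed.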