Signature update reported in #25

This commit is contained in:
Gabor Gyorvari
2018-09-22 18:30:02 +02:00
parent 7d8854ae8e
commit d7fe8589b0
2 changed files with 9 additions and 2 deletions

View File

@@ -353,3 +353,7 @@ substr(md5(time()), 0, 8) . ".php"
# webshell # webshell
0byt3m1n1 0byt3m1n1
ZeroByte ZeroByte
# obfuscated function name
'str_' .'rot13'
'st' .'rrev'

View File

@@ -99,3 +99,6 @@ php_uname\(["'asrvm]+\)
# XOR decode POST-ed payload # XOR decode POST-ed payload
(\^\s*\$\w+\[\$\w+\s*%\s*strlen\(\$\w+\)\]\s*){2,} (\^\s*\$\w+\[\$\w+\s*%\s*strlen\(\$\w+\)\]\s*){2,}
# uncommon function name underscore with many numbers
function\s+_[0-9]{8,}\(