From f0bdb1f1e1cc655ceff17f81018932fe7efbd3c8 Mon Sep 17 00:00:00 2001
From: Gabor Gyorvari <scr34m@gmail.com>
Date: Mon, 13 Dec 2021 18:09:02 +0100
Subject: [PATCH] Backdoor reported in #71

---
 definitions/patterns_re.txt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/definitions/patterns_re.txt b/definitions/patterns_re.txt
index ab073c2..2e9ebe8 100644
--- a/definitions/patterns_re.txt
+++ b/definitions/patterns_re.txt
@@ -128,4 +128,8 @@ create_function\s*\(\s*['"]{2}
 \(count\(\$p\)==\d+&&in_array\(gettype\(\$p\)\.count\(\$p\),\$p\)\)
 
 # gzipped payload post process
-explode\('\|\x01\|\x03\|\x03', gzinflate\(
\ No newline at end of file
+explode\('\|\x01\|\x03\|\x03', gzinflate\(
+
+# backdoor reported #71
+@header\(\w{3,5}::\w{1,2}\('_\w{1,3}' \. '\w{1,3}', '_\w{1,3}'\)\);
+@header\(\w{3,5}::\w{1,2}\('_\w{1,3}', '_' \. '\w{1,3}' . '\w{1,3}'\)\);