Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added crypto miner match

Browse Source
This commit is contained in:
Palma Solutions LTD 2018-05-16 21:55:29 +02:00
parent f3e812db10
commit 3e105ea3a7
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
scan.py
View File

@ -238,6 +238,7 @@ scoring = {
'MD5': (20, u'md5 strings used in malware'), 'MD5': (20, u'md5 strings used in malware'),
'SOCIALS': (50, u'Email addresses, links and social networking'), 'SOCIALS': (50, u'Email addresses, links and social networking'),
'EITEST': (65, u'Eitest'), 'EITEST': (65, u'Eitest'),
'CRYPTO': (65, u'Cryptocurrency Miners'),
} }
@ -546,6 +547,8 @@ def is_hacked(filename):
or 'Wells Fargo Home Page' in l \ or 'Wells Fargo Home Page' in l \
or 'Chase Online - Logon' in l: or 'Chase Online - Logon' in l:
score.append(('PHISHING', '')) score.append(('PHISHING', ''))
if re.compile('User-Agent.*cpuminer').match(l):
score.append(('CRYPTO', ''))
previous_line = l previous_line = l
if line_num < 20: if line_num < 20: