added crypto miner match

2018-05-16 21:55:29 +02:00 · 2018-05-16 21:55:29 +02:00 · 3e105ea3a7
commit 3e105ea3a7
parent f3e812db10
1 changed files with 3 additions and 0 deletions
--- a/scan.py
+++ b/scan.py
@ -238,6 +238,7 @@ scoring = {
  'MD5':                      (20, u'md5 strings used in malware'),
  'SOCIALS':                  (50, u'Email addresses, links and social networking'),
  'EITEST':                   (65, u'Eitest'),
+  'CRYPTO':                   (65, u'Cryptocurrency Miners'),
 }


@ -546,6 +547,8 @@ def is_hacked(filename):
            or 'Wells Fargo Home Page' in l \
            or 'Chase Online - Logon' in l:
            score.append(('PHISHING', ''))
+        if re.compile('User-Agent.*cpuminer').match(l):
+            score.append(('CRYPTO', ''))
        previous_line = l

    if line_num < 20: