Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new patterns

Browse Source
This commit is contained in:
Palma Solutions LTD
2018-05-28 06:38:08 +02:00
parent beb37a4b0a
commit 4f87bac1aa
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
malware6.pl
View File

@@ -97,6 +97,15 @@ my @regexen = (
qr/<\?php \@shell_exec\(\"wget http:\/\/.+?\?>/is,
qr/<\?php system\(\$_SERVER\[\"HTTP_SHELL\"\]\);shell_exec\(\$_SERVER\[\"HTTP_SHELL\"\]\);passthru\(\$_SERVER\[\"HTTP_SHELL\"\]\);\?>/is,
qr/<\?php echo base64_decode\(.+?\); include\(\"http:\/\/.+?\?>/is,
qr/<\?php \@include\(\"http:\/\/.+?\/r57\.v?\"\); \?>/is,
qr/<\?php \@include\(\$_GET\[\"([A-z0-9_]{1,20})\"\]\); echo \"<b>\" \. md5\(\"([A-z0-9_]{1,20})\"\) \. \"<\/b><br>Love Hack WORLD :\]\"; \?>/is,
qr/<\?php passthru\(\"wget http:\/\/.+?\?>/is,
qr/<\? \@shell_exec\(\"wget http:\/\/.+?\?>/is,
qr/<\?php \$to = \"misterxgoofy\@hotmail\.com\";\s+\$subject = \"Exploited\";.+?echo\(\"<p>Message delivery failed\.\.\.<\/p>\"\);\s+\}; \?>/is,
qr/<\?php\s+\$filecontents=\'<\?php if\(stristr\(\$_SERVER\[\\\'HTTP_USER_AGENT\\\'\],\\\'google\\\'\)\)\{.+?\$filecontents",FILE_APPEND\);.+?\?>/is,
qr/<\?php \@passthru\(\"cd \/tmp; wget http:\/\/+?\?>/is,
qr/<\?php exec\(\"wget http:\/\/.+?\?>/is,
qr/<\?php+?elseif\(function_exists\(\"passthru\"\)\)\{.+?fclose\(\$handle\);.+?echo ex\(\"cd \/dev\/shm;rm -rf ([A-z0-9_]{1,20})\.txt\"\);\s+\?>/is,

11
malwaresh.pl
View File

@@ -1082,6 +1082,17 @@ my @regexen = (
qr/<\?php \@shell_exec\(\"wget http:\/\/.+?\?>/is,
qr/<\?php system\(\$_SERVER\[\"HTTP_SHELL\"\]\);shell_exec\(\$_SERVER\[\"HTTP_SHELL\"\]\);passthru\(\$_SERVER\[\"HTTP_SHELL\"\]\);\?>/is,
qr/<\?php echo base64_decode\(.+?\); include\(\"http:\/\/.+?\?>/is,
qr/<\?php \@include\(\"http:\/\/.+?\/r57\.v?\"\); \?>/is,
qr/<\?php \@include\(\$_GET\[\"([A-z0-9_]{1,20})\"\]\); echo \"<b>\" \. md5\(\"([A-z0-9_]{1,20})\"\) \. \"<\/b><br>Love Hack WORLD :\]\"; \?>/is,
qr/<\?php passthru\(\"wget http:\/\/.+?\?>/is,
qr/<\? \@shell_exec\(\"wget http:\/\/.+?\?>/is,
qr/<\?php \$to = \"misterxgoofy\@hotmail\.com\";\s+\$subject = \"Exploited\";.+?echo\(\"<p>Message delivery failed\.\.\.<\/p>\"\);\s+\}; \?>/is,
qr/<\?php\s+\$filecontents=\'<\?php if\(stristr\(\$_SERVER\[\\\'HTTP_USER_AGENT\\\'\],\\\'google\\\'\)\)\{.+?\$filecontents",FILE_APPEND\);.+?\?>/is,
qr/<\?php \@passthru\(\"cd \/tmp; wget http:\/\/+?\?>/is,
qr/<\?php exec\(\"wget http:\/\/.+?\?>/is,
qr/<\?php+?elseif\(function_exists\(\"passthru\"\)\)\{.+?fclose\(\$handle\);.+?echo ex\(\"cd \/dev\/shm;rm -rf ([A-z0-9_]{1,20})\.txt\"\);\s+\?>/is,