-
Notifications
You must be signed in to change notification settings - Fork 34
/
Copy pathlw-rules_index.yar
170 lines (170 loc) · 6.91 KB
/
lw-rules_index.yar
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
include "./includes/FOPO.yar"
include "./includes/cache-mailer.yar"
include "./includes/mailer1.yar"
include "./includes/miner.yar"
include "./includes/WShell_PHP_Anuna.yar"
include "./includes/eitest1.yar"
include "./includes/drupal-CPREA57Webshell.yar"
include "./includes/php-gen-0.yar"
include "./includes/miner-config.yar"
include "./includes/crypto-jacking-0.yar"
include "./includes/crypto-jacking-1.yar"
include "./includes/drupalgeddon-0.yar"
include "./includes/CPR4616Webshell.yar"
include "./includes/PHP-Mailer-K.yar"
include "./includes/indo-exploit.yar"
include "./includes/cpanel-brute.yar"
include "./includes/symlink-tool.yar"
include "./includes/phishing-actors.yar"
include "./includes/well-phishing0001.yar"
include "./includes/php-gen-1.yar"
include "./includes/alfa-shell.yar"
include "./includes/alfa-perl.yar"
include "./includes/me0w-js-miner.yar"
include "./includes/drupal-index-ico-injection.yar"
include "./includes/wordpress-injection-1.yar"
include "./includes/wordpress-injection-2.yar"
include "./includes/rfi-perl-bot.yar"
include "./includes/perl-socks-proxy.yar"
include "./includes/data_chaos_backdoor.yar"
include "./includes/dark-shell.yar"
include "./includes/media-shell.yar"
include "./includes/052618-drupalsite.yar"
include "./includes/annizod-xmr-miner.yar"
include "./includes/4700up-jpg.yar"
include "./includes/class_12371_uploader.yar"
include "./includes/scanner_obfuscated_shell.yar"
include "./includes/052918_case109.yar"
include "./includes/dedsec-symlinker.yar"
include "./includes/drupal.js-coinhive.yar"
include "./includes/netscrape_shell.yar"
include "./includes/day_uploader_shell.yar"
include "./includes/luk_miner.yar"
include "./includes/js-malvertising.yar"
include "./includes/shells_119.yar"
include "./includes/pass_shell.yar"
include "./includes/case116_a_miner_persistence.yar"
include "./includes/y_php_shell.yar"
include "./includes/prowli.yar"
include "./includes/BabaYaga.yar"
include "./includes/apache_XMR_MINER.yar"
include "./includes/paypal_phishing_kit_001.yar"
include "./includes/drupal_injection_001.yar"
include "./includes/drupal_injection_134.yar"
include "./includes/sig_7409295928_WSO_gen.yar"
include "./includes/magento_sucuri_001.yar"
include "./includes/drupal_138.yar"
include "./includes/weeman.yar"
include "./includes/wp-shells_case137.yar"
include "./includes/main_js_malvertising_139.yar"
include "./includes/inv_09854_exe.yar"
include "./includes/cryptojacking_signatures.yar"
include "./includes/tndtttttttt.yar"
include "./includes/Tryag-File-Manager-1.yar"
include "./includes/mass_bot_exploite_master.yar"
include "./includes/yertle.yar"
include "./includes/sans-xme-072818.yar"
include "./includes/master134.yar"
include "./includes/joomla-shell-case21.yar"
include "./includes/case32-db.yar"
include "./includes/case25-shells.yar"
include "./includes/case25-miners.yar"
include "./includes/itune-phish001.yar"
include "./includes/microsoft-phish001.yar"
include "./includes/tbl-status-shell.yar"
include "./includes/wp-thumb-081418.yar"
include "./includes/paypal_phishing_kit_002.yar"
include "./includes/match-phishing.yar"
include "./includes/x3d-phishing.yar"
include "./includes/adobe-phishing001.yar"
include "./includes/usaa-phishing001.yar"
include "./includes/linkedin-phish001.yar"
include "./includes/microsoft-phish002.yar"
include "./includes/malvertising-4dd6090f04.yar"
include "./includes/injection-032118.yar"
include "./includes/404-shell-032118.yar"
include "./includes/404-2-shell-032118.yar"
include "./includes/eitest_injection_1.yar"
include "./includes/test-shell-uploader.yar"
include "./includes/multi-miner-exe.yar"
include "./includes/perl-shell-082218.yar"
include "./includes/injection-082218.yar"
include "./includes/wordpress_admin_bd_082218.yar"
include "./includes/citibank-phishing-082318.yar"
include "./includes/upload-shell-082418.yar"
include "./includes/wordpress-index-injection.yar"
include "./includes/wordpress-settings-injection.yar"
include "./includes/symlink-bypass-082418.yar"
include "./includes/malvertising-redirect-082518.yar"
include "./includes/entabeam-phish.yar"
include "./includes/perl-darkmailer.yar"
include "./includes/pop_up_cache_082618.yar"
include "./includes/ws00-082618.yar"
include "./includes/fun-082618.yar"
include "./includes/docusign-phish-082618.yar"
include "./includes/chase-bank-phish-082718.yar"
include "./includes/chase-bank-phish2-082718.yar"
include "./includes/generic-phishing-082718.yar"
include "./includes/botnet-panel090118.yar"
include "./includes/solus-shell090218.yar"
include "./includes/general-phishing090318.yar"
include "./includes/alfa-shells090618.yar"
include "./includes/uploader-shell090618.yar"
include "./includes/logo-miner090618.yar"
include "./includes/stats5-090618.yar"
include "./includes/smartsheet091018.yar"
include "./includes/license-091918.yar"
include "./includes/hand092018.yar"
include "./includes/acme092018.yar"
include "./includes/searchtlp-092518.yar"
include "./includes/index-malware-092518.yar"
include "./includes/case117.yar"
include "./includes/uploader-092718.yar"
include "./includes/s3sshll-093018.yar"
include "./includes/case150-093018.yar"
include "./includes/1-shell-093018.yar"
include "./includes/earthlink-phish-093018.yar"
include "./includes/uploader-shells-093018.yar"
include "./includes/uploader-shell2-093018.yar"
include "./includes/cloki-09-30-18.yar"
include "./includes/xmlrpc-100218.yar"
include "./includes/620adjs_101118.yar"
include "./includes/magecart1.yar"
include "./includes/magecart2.yar"
include "./includes/magecart3.yar"
include "./includes/magecart4.yar"
include "./includes/magecart5.yar"
include "./includes/onedrive-phish101818.yar"
include "./includes/mirai-routerscripts102018.yar"
include "./includes/vul_jquery_fileupload_cve_2018_9206.yar"
include "./includes/saskmade-net-redirects.yar"
include "./includes/hotopponents-sites.yar"
include "./includes/newsletter.yar"
include "./includes/105mail-recon.yar"
include "./includes/simppell.yar"
include "./includes/fack.yar"
include "./includes/sucuri-wpcache.yar"
include "./includes/obfuscated-dde.yar"
include "./includes/c254853a.yar"
include "./includes/magecart-sotheby.yar"
include "./includes/hostingcloud-science.yar"
include "./includes/wordfence-botnet.yar"
include "./includes/maersk-phishing-121318.yar"
include "./includes/wso-encoded-123118.yar"
include "./includes/jiami-010119.yar"
include "./includes/tryag-cpanel.yar"
include "./includes/byob012619.yar"
include "./includes/total-donations-plugin.yar"
include "./includes/amadey-botnet012919.yar"
include "./includes/shells-013019.yar"
include "./includes/reports-022219.yar"
include "./includes/emotet-dropper.yar"
include "./includes/memoris.yar"
include "./includes/index-injection033019.yar"
include "./includes/xaishell.yar"
include "./includes/wordpress-bot-070419.yar"
include "./includes/navytitanium.yar"
include "./includes/navytitanium-122219.yar"
include "./includes/Navy-shells-072320.yar"
include "./includes/emotet-1013.yar"
include "./includes/blaze-sub-htvgevlk.yar"