mirror of
https://github.com/valitydev/signature-base.git
synced 2024-11-06 18:15:20 +00:00
15 lines
459 B
Plaintext
15 lines
459 B
Plaintext
|
|
rule ChinaChopper_Generic {
|
|
meta:
|
|
description = "China Chopper Webshells - PHP and ASPX"
|
|
license = "https://creativecommons.org/licenses/by-nc/4.0/"
|
|
author = "Florian Roth"
|
|
reference = "https://www.fireeye.com/content/dam/legacy/resources/pdfs/fireeye-china-chopper-report.pdf"
|
|
date = "2015/03/10"
|
|
strings:
|
|
$aspx = /%@\sPage\sLanguage=.Jscript.%><%eval\(Request\.Item\[.{,100}unsafe/
|
|
$php = /<?php.\@eval\(\$_POST./
|
|
condition:
|
|
1 of them
|
|
}
|