08e8d462fe
RED PILL 🔴 💊
13 lines
395 B
Text
13 lines
395 B
Text
|
|
rule ChinaChopper_Generic {
|
|
meta:
|
|
description = "China Chopper Webshells - PHP and ASPX"
|
|
author = "Florian Roth"
|
|
reference = "https://www.fireeye.com/content/dam/legacy/resources/pdfs/fireeye-china-chopper-report.pdf"
|
|
date = "2015/03/10"
|
|
strings:
|
|
$aspx = /%@\sPage\sLanguage=.Jscript.%><%eval\(RequestItem\[.{,100}unsafe/
|
|
$php = /<?php.\@eval\(\$_POST./
|
|
condition:
|
|
1 of them
|
|
}
|