Markdown cleanups

bediger4000 · bediger4000 · commit dba3461876f7 · 2018-03-19T20:42:27.000-06:00
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# php-malware-analysis
+# PHP Malware Analysis
 
 Rough cut analysis of PHP source code that I got via
 running a [WordPress honey pot](http://stratigery.com/phparasites)
@@ -44,6 +44,8 @@ of this kind of collection and analysis.
 * Password guessing campaigns
 * Methods of download, commonality with other malware
 * Common "dropper" code usage
+* Common phone-home code
+* Common back-connect shell code (usually Perl)
 * Methods of encoding/encryption (e.g. FOPO)
 * Geolocation of attacking IP
 * Campaign(s) associated with a specific malware
diff --git a/campaign1/README.md b/campaign1/README.md
@@ -1,4 +1,4 @@
-# Turkish Ayyıldız m TiHacking Campaign
+# Turkish AyyıldıTim Hacking Campaign
 
 75 [HTTP accesses](access_log) from 
 18/Mar/2018:07:37:01 -0600 to 18/Mar/2018:07:41:36 -0600
diff --git a/customizer-ui-experimenks.php/README.md b/customizer-ui-experimenks.php/README.md
@@ -1,4 +1,4 @@
-also # Two Automated Download2
+# Two Automated Downloads
 
 A compiled executable that is suppposed to run
 in the background, and Web Shell by oRb (WSO) version 2.5 with a blob of added code.
diff --git a/general.php/README.md b/general.php/README.md
@@ -1,4 +1,4 @@
-# general.php - web shel2
+# general.php - web shell
 
 Seems to be a slightly modified WSO (web shell by oRb) web shell.
 
diff --git a/php.backdoor.vpsp.001/README.md b/php.backdoor.vpsp.001/README.md
@@ -1,4 +1,4 @@
-# gate.php - 
+# gate.php - backdoor
 
 A little googling says this code is [php.backdoor.vpsp.001](https://kb.sucuri.net/malware/signatures/php.backdoor.vpsp.001)
 
diff --git a/phpd.local/extracted/phpd.local/README.md b/phpd.local/extracted/phpd.local/README.md
@@ -1,5 +1,6 @@
-psocksd
-=======
+# psocksd
+
+------
 
 Extensible SOCKS tunnel / proxy server daemon written in PHP
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Turkish AyyÄ±ldÄ±z m TiHacking Campaign`
	`1`	`+# Turkish AyyÄ±ldÄ±Tim Hacking Campaign`
`2`	`2`
`3`	`3`	`75 [HTTP accesses](access_log) from`
`4`	`4`	`18/Mar/2018:07:37:01 -0600 to 18/Mar/2018:07:41:36 -0600`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-also # Two Automated Download2`
	`1`	`+# Two Automated Downloads`
`2`	`2`
`3`	`3`	`A compiled executable that is suppposed to run`
`4`	`4`	`in the background, and Web Shell by oRb (WSO) version 2.5 with a blob of added code.`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# general.php - web shel2`
	`1`	`+# general.php - web shell`
`2`	`2`
`3`	`3`	`Seems to be a slightly modified WSO (web shell by oRb) web shell.`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# gate.php -`
	`1`	`+# gate.php - backdoor`
`2`	`2`
`3`	`3`	`A little googling says this code is [php.backdoor.vpsp.001](https://kb.sucuri.net/malware/signatures/php.backdoor.vpsp.001)`
`4`	`4`