jstrosch · August 10, 2021 21:57
diff --git a/gistfile1.txt b/gistfile1.txt
 Originally reported: https://twitter.com/James_inthe_box/status/1425187264435429378

 2021-08-10 14:47:22,752 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://regiontreasure.com/js/vendor/option.php )
 2021-08-10 14:47:24,001 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://ishaninfocom.com/images/Newimage/core.lib.php )
 2021-08-10 14:48:16,637 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://glasstryon.com/webcamjs/flash/com/adobe/images/viewer.php )
 2021-08-10 14:48:32,720 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://toucan.webiknows.net/vendor/swiper/css/type.php )
 2021-08-10 14:49:03,635 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://essennvalves.in/essennvalves.in/plugins/material-design-iconic-font/css/app.class.php )
 2021-08-10 14:49:47,965 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://elearning.thegurukulonline.com/class_8/Computer/app.class.php )
 2021-08-10 14:50:36,629 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://elearning.thegurukulonline.com/class_8/class.php )
 2021-08-10 14:50:51,032 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://multiangle.prodesigners.uk/v2/js/main/class.cache.php )
 2021-08-10 14:51:30,190 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://impelzone.com/img/intro-carousel/core.lib.php )
 2021-08-10 14:51:56,167 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://crm.saleseos.com/assets_rectangular/js/plugins/editors/ace/lib.class.php )
 2021-08-10 14:52:22,933 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://bentoecompanhia.seusite.jp/res/emailtemplates/api.inc.php )
 2021-08-10 14:52:52,203 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://bentoecompanhia.seusite.jp/res/options.php )
 2021-08-10 14:53:04,155 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://nyshajewels.in/images/Jewels/data.php )
 2021-08-10 14:53:16,966 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://www.faizanengg.com/wp-content/plugins/kirki/modules/css/lib.core.php )
 2021-08-10 14:54:53,085 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://taris.egom-2.com/dompdf-0.6.1/www/test/images/bmp/authorize.php )

 ************************* CONSOLE STORAGE - SUMMARY **************************

 <=====   regiontreasure.com  =====>
 	[YARAProcessing] ['protected_webshell']( https://regiontreasure.com/js/vendor/option.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   ishaninfocom.com  =====>
 	[YARAProcessing] ['protected_webshell']( https://ishaninfocom.com/images/Newimage/core.lib.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   crm.saleseos.com  =====>
 	[YARAProcessing] ['protected_webshell']( https://crm.saleseos.com/assets_rectangular/js/plugins/editors/ace/lib.class.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   glasstryon.com  =====>
 	[YARAProcessing] ['protected_webshell']( https://glasstryon.com/webcamjs/flash/com/adobe/images/viewer.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   www.faizanengg.com  =====>
 	[YARAProcessing] ['protected_webshell']( https://www.faizanengg.com/wp-content/plugins/kirki/modules/css/lib.core.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   toucan.webiknows.net  =====>
 	[YARAProcessing] ['protected_webshell']( https://toucan.webiknows.net/vendor/swiper/css/type.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   essennvalves.in  =====>
 	[YARAProcessing] ['protected_webshell']( https://essennvalves.in/essennvalves.in/plugins/material-design-iconic-font/css/app.class.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   elearning.thegurukulonline.com  =====>
 	[YARAProcessing] ['protected_webshell']( https://elearning.thegurukulonline.com/class_8/Computer/app.class.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca
 	[YARAProcessing] ['protected_webshell']( https://elearning.thegurukulonline.com/class_8/class.php )
 		[SHA256] 75520d2bb86140c272b8ab15fb4ae55621e3b64828a0fd1393c31a00ea3a426b

 <=====   multiangle.prodesigners.uk  =====>
 	[YARAProcessing] ['protected_webshell']( https://multiangle.prodesigners.uk/v2/js/main/class.cache.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   impelzone.com  =====>
 	[YARAProcessing] ['protected_webshell']( https://impelzone.com/img/intro-carousel/core.lib.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   bentoecompanhia.seusite.jp  =====>
 	[YARAProcessing] ['protected_webshell']( https://bentoecompanhia.seusite.jp/res/emailtemplates/api.inc.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca
 	[YARAProcessing] ['protected_webshell']( https://bentoecompanhia.seusite.jp/res/options.php )
 		[SHA256] 75520d2bb86140c272b8ab15fb4ae55621e3b64828a0fd1393c31a00ea3a426b

 <=====   nyshajewels.in  =====>
 	[YARAProcessing] ['protected_webshell']( https://nyshajewels.in/images/Jewels/data.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

 <=====   taris.egom-2.com  =====>
 	[YARAProcessing] ['protected_webshell']( https://taris.egom-2.com/dompdf-0.6.1/www/test/images/bmp/authorize.php )
 		[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca
	Originally reported: https://twitter.com/James_inthe_box/status/1425187264435429378

	2021-08-10 14:47:22,752 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://regiontreasure.com/js/vendor/option.php )
	2021-08-10 14:47:24,001 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://ishaninfocom.com/images/Newimage/core.lib.php )
	2021-08-10 14:48:16,637 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://glasstryon.com/webcamjs/flash/com/adobe/images/viewer.php )
	2021-08-10 14:48:32,720 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://toucan.webiknows.net/vendor/swiper/css/type.php )
	2021-08-10 14:49:03,635 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://essennvalves.in/essennvalves.in/plugins/material-design-iconic-font/css/app.class.php )
	2021-08-10 14:49:47,965 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://elearning.thegurukulonline.com/class_8/Computer/app.class.php )
	2021-08-10 14:50:36,629 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://elearning.thegurukulonline.com/class_8/class.php )
	2021-08-10 14:50:51,032 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://multiangle.prodesigners.uk/v2/js/main/class.cache.php )
	2021-08-10 14:51:30,190 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://impelzone.com/img/intro-carousel/core.lib.php )
	2021-08-10 14:51:56,167 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://crm.saleseos.com/assets_rectangular/js/plugins/editors/ace/lib.class.php )
	2021-08-10 14:52:22,933 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://bentoecompanhia.seusite.jp/res/emailtemplates/api.inc.php )
	2021-08-10 14:52:52,203 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://bentoecompanhia.seusite.jp/res/options.php )
	2021-08-10 14:53:04,155 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://nyshajewels.in/images/Jewels/data.php )
	2021-08-10 14:53:16,966 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://www.faizanengg.com/wp-content/plugins/kirki/modules/css/lib.core.php )
	2021-08-10 14:54:53,085 — SubCrawl — INFO — [YARA] Matches - protected_webshell (https://taris.egom-2.com/dompdf-0.6.1/www/test/images/bmp/authorize.php )

	*********************** CONSOLE STORAGE - SUMMARY ************************

	<===== regiontreasure.com =====>
	[YARAProcessing] ['protected_webshell']( https://regiontreasure.com/js/vendor/option.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== ishaninfocom.com =====>
	[YARAProcessing] ['protected_webshell']( https://ishaninfocom.com/images/Newimage/core.lib.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== crm.saleseos.com =====>
	[YARAProcessing] ['protected_webshell']( https://crm.saleseos.com/assets_rectangular/js/plugins/editors/ace/lib.class.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== glasstryon.com =====>
	[YARAProcessing] ['protected_webshell']( https://glasstryon.com/webcamjs/flash/com/adobe/images/viewer.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== www.faizanengg.com =====>
	[YARAProcessing] ['protected_webshell']( https://www.faizanengg.com/wp-content/plugins/kirki/modules/css/lib.core.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== toucan.webiknows.net =====>
	[YARAProcessing] ['protected_webshell']( https://toucan.webiknows.net/vendor/swiper/css/type.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== essennvalves.in =====>
	[YARAProcessing] ['protected_webshell']( https://essennvalves.in/essennvalves.in/plugins/material-design-iconic-font/css/app.class.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== elearning.thegurukulonline.com =====>
	[YARAProcessing] ['protected_webshell']( https://elearning.thegurukulonline.com/class_8/Computer/app.class.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca
	[YARAProcessing] ['protected_webshell']( https://elearning.thegurukulonline.com/class_8/class.php )
	[SHA256] 75520d2bb86140c272b8ab15fb4ae55621e3b64828a0fd1393c31a00ea3a426b

	<===== multiangle.prodesigners.uk =====>
	[YARAProcessing] ['protected_webshell']( https://multiangle.prodesigners.uk/v2/js/main/class.cache.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== impelzone.com =====>
	[YARAProcessing] ['protected_webshell']( https://impelzone.com/img/intro-carousel/core.lib.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== bentoecompanhia.seusite.jp =====>
	[YARAProcessing] ['protected_webshell']( https://bentoecompanhia.seusite.jp/res/emailtemplates/api.inc.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca
	[YARAProcessing] ['protected_webshell']( https://bentoecompanhia.seusite.jp/res/options.php )
	[SHA256] 75520d2bb86140c272b8ab15fb4ae55621e3b64828a0fd1393c31a00ea3a426b

	<===== nyshajewels.in =====>
	[YARAProcessing] ['protected_webshell']( https://nyshajewels.in/images/Jewels/data.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca

	<===== taris.egom-2.com =====>
	[YARAProcessing] ['protected_webshell']( https://taris.egom-2.com/dompdf-0.6.1/www/test/images/bmp/authorize.php )
	[SHA256] 6abf737186523a962f94e0e6b6bed5f5ab9238d3fddfc173d8ef83b67400d4ca