generic_javascript_obfuscation in d1af033869koo7.cloudfront.net

On 2019-06-06T09:16:17.752341+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://d1af033869koo7.cloudfront.net/ps…

The suspicious code sample:

b'atob' … b'"campaignSplitCondition"' … b'"usingThirdPartyCookie"' … b'"WebEarlyPageLoadEvent"' … b'"OnlineInvitationOfferEvent"' … b'"OnlineInvitationResponseEvent"' … b'"OnlineInvitationResponseEvent"' … b'"OnlineInvitationResponseEvent"' … b'"OnlineScreenUnloadEvent"' … b'"ChatAvailabilityCheckEvent"' … b'"OnlineInteractionRequestEvent"' … b'"OnlineInteractionConnectionToAgentEvent"' … b'"OnlineSessionEndEvent"' … b'"OnlineInteractionTransferEvent"' … b'"OnlineScreenLoadEvent"' … b'"OnlineSurveySubmitEvent"' … b'"OnlineScreenLoadEvent"' … b'"AssistInteractionMessageEvent"' … b'"OnlineInvitationOfferEvent"' … b'"OnlineInvitationResponseEvent"' … b'"OnlineInvitationOfferEvent"' … b'"WebEnvironmentNotSupportedEvent"'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!