generic_javascript_obfuscation in config.seedtag.com

On 2019-06-06T21:21:06.379226+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://config.seedtag.com/st_4.77655ec…

The suspicious code sample:

b'\\x01' … b'\\x01' … b'\\x01' … b'\\x00' … b'\\x1f' … b'\\x80' … b'\\xa0' … b'\\x01' … b'\\xF6' … b'atob' … b'atob' … b'"ace/lib/fixoldbrowsers"' … b'"ace/lib/fixoldbrowsers"' … b'"ace/keyboard/textinput"' … b'"ace/keyboard/keybinding"' … b'"ace/mode/behaviour/cstyle"' … b'"ace/mode/behaviour/cstyle"' … b'"navigateWithinSoftTabs"' … b'"toggleParentFoldWidget"' … b'"removetolinestarthard"' … b'"ace/lib/fixoldbrowsers"' … b'"ace/keyboard/textinput"' … b'"ace/keyboard/keybinding"' … b'"highlightSelectedWord"' … b'"wrapBehavioursEnabled"' … b'"wrapBehavioursEnabled"' … b'"hScrollBarAlwaysVisible"' … b'"vScrollBarAlwaysVisible"' … b'"scrollbarVisibilityChanged"' … b'"application/javascript"' … b'"application/javascript"' … b'"addCursorAboveSkipCurrent"' … b'"addCursorBelowSkipCurrent"' … b'"ace/lib/fixoldbrowsers"' … b'"enableBasicAutocompletion"' … b'"componentWillReceiveProps"' … b'"componentWillReceiveProps"' … b'"ace/mode/folding/cstyle"' … b'"ace/mode/behaviour/cstyle"' … b'"ace/mode/folding/cstyle"' … b'"ace/mode/javascript/jshint"' … b'"ace/mode/javascript/jshint"' … b'"ace/mode/behaviour/xml"' … b'"ace/mode/behaviour/xml"' … b'"ace/mode/folding/cstyle"' … b'"ace/mode/behaviour/cstyle"' … b'"ace/mode/folding/cstyle"' … b'"dangerouslySetInnerHTML"' … b'"unmountComponentAtNode"' … b'"componentWillReceiveProps"'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!