generic_javascript_obfuscation in mangovideo.pw

On 2019-06-09T19:24:13.819519+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page http://mangovideo.pw/. JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property.

The suspicious code sample:

b'var m=["\\u002f\\x2fc\\u0031.\\u0070\\u006f\\x70\\x61\\u0064\\x73\\x2en\\u0065t\\x2f\\u0070\\x6fp.\\x6a\\x73","\\x2f\\x2f\\u00632.po\\x70a\\x64s.\\u006e\\u0065\\x74/p\\u006f\\u0070\\u002ej\\x73","\\x2f\\x2fw\\u0077w.y\\u006c\\u0071biljj\\u006c\\x79q.\\x63\\x6f\\u006d\\u002fr\\u0061k\\x75.js","\\u002f\\x2fww\\x77\\x2ew\\u0072\\x78\\u0069\\x76\\x6cc\\u006cw\\x2e\\x63\\x6f\\x6d\\x2f\\u0061\\x2e\\u006a\\x73",""],k=0,n,v=function(){if(""==m[k])return;n=q["\\u0064oc\\x75\\u006d\\u0065\\x6e\\x74"]["c\\u0072ea\\x74\\u0065E\\u006ce\\u006de\\u006et"]("s\\x63\\u0072\\x69p\\x74");n["\\x74\\u0079' …

This feature is experimental, so please feel free to contact us if you believe any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
