PossibleShellcodePattern in www.mailsolution.pl

On 2019-06-12T10:39:03.926216+00:00 we found suspicious pattern PossibleShellcodePattern, type: Suspicious, (Sequence of JavaScript unescaped binary characters that may be an attempt to load a shellcode) in the page http://www.mailsolution.pl/

The suspicious code sample:

b'unescape' … b'unescape' … b'unescape' … b'unescape' … b"document.write(unescape('%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%74%6e%6f%67%69%65%63%40%6d%61%69%6c%73%6f%6c%75%74%69%6f%6e%2e%70%6c%22%3e%74%6e%6f%67%69%65%63%40%6d%61%69%6c%73%6f%6c%75%74%69%6f%6e%2e%70%6c%3c%2f%61%3e'" … b"document.write(unescape('%3C%61%20%68%72%65%66%3D%22%6D%61%69%6C%74%6F%3A%64%61%64%61%6D%69%61%6B%40%6D%61%69%6C%73%6F%6C%75%74%69%6F%6E%2E%70%6C%22%3E%64%61%64%61%6D%69%61%6B%40%6D%61%69%6C%73%6F%6C%75%74%69%6F%6E%2E%70%6C%3C%2F%61%3E%09%09'" … b"document.write(unescape('%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%70%73%6f%62%6f%6e%40%6d%61%69%6c%73%6f%6c%75%74%69%6f%6e%2e%70%6c%22%3e%70%73%6f%62%6f%6e%40%6d%61%69%6c%73%6f%6c%75%74%69%6f%6e%2e%70%6c%3c%2f%61%3e'" … b"document.write(unescape('%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%69%6e%66%6f%40%6d%61%69%6c%73%6f%6c%75%74%69%6f%6e%2e%70%6c%22%3e%69%6e%66%6f%40%6d%61%69%6c%73%6f%6c%75%74%69%6f%6e%2e%70%6c%3c%2f%61%3e'"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!