generic_javascript_obfuscation in v2a.nucleo.ml

On 2019-07-09T23:56:58.130984+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://v2a.nucleo.ml/input.js

The suspicious code sample:

b'atob' … b'atob' … b'atob' … b"'daeea48c461263752a037d9bd7751903'" … b"'d02cb0c04a2280c464bc9cb9906b26fe'" … b"'4f9d0f13536e189b557f30e3338e07ec'" … b"'getElementsByTagName'" … b"'N2EK5kEhLeO2weAbZkmHCs5lPKa4u5Db'"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!