generic_javascript_obfuscation in dewhethelesa.info

On 2019-09-03T19:33:21.529794+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://dewhethelesa.info/SYOLDZ?tag_id…

The suspicious code sample:

b'atob' … b'"elplVXUheFx7RFh2R2JGTWtXZ1dWeBUxBhEFVGFFTWJdbVdWeEhgR0JrUmRHSm1QbEZDbVFnREhqR3lXTz5QbRNKa1B4TB9iUXhBGThUeBdJYwB4QBlsUWETHGgAMEcceEl3NzQgJCw4EhwyPBAMAFVnRx8UHCU9HG0ULDYva1UGMEkWIiQ6HBAJAkM0F1Y/QiMJDixMDCsXJyIfMVUCLyVoCXgsPm0hJxESbTY3Bjg8Vjk8QgwJETQZeEl3FhY1FjBXVngXMBETKAA2AVh2RycQHjMXMBYOeEllWVgyESEFCX9WFFBIHEBnMxg/FiEUHjgMMVsZNQhwRzw7AyBbCjIVcEY8IAo7EBM+QGYxSGpTbENLYkBnQww7F3BGPnhJdxoZLjpkRlh2R3dZWHhJd1dWPAQ5Bh92AzQZCT9JOwAWNkl4RFZ4R3kTGzYWMFkULwk5WRQvCTlZWCgAMRwIPwYhV1Y8BDkGH3YDNBkJP0kzFBYpAHkTGzYWMFlYKAA'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!