generic_javascript_obfuscation in ningruartorit.pro

On 2019-09-07T08:56:43.133995+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://ningruartorit.pro/OFOAVD?tag_id…

The suspicious code sample:

b'atob' … b'"TXZQTTAWVGljAW9acnoDekdifxJhVCApQyYpYXkAek5odRJhVH1/AHhPaH4IeUJmdQN/RGV0AnpHcmESexVoKFIoQWRgBX8XZmAEfEAzYFF0EGhgVnoXNHoJfBNoK1YvVHxvcgcuJSN7IxkgD3gLMg8PWT48HQoJfBUDFG95HTh5BCI9BC5VAj5kO34iAyorYxo4HRhAISxmOQcaNCYefisSH39FDERlH1ZgDCIXeAIwCB5bGg4lKmkcVHxvUyEZIygSYVQiKFQkBDUuRG9acj9VKR8iKFM5VHx9HG8eJDlAPlNjDBV/MHV/di8TIzlRKRQ5KR4uGT1oAgsXNjgePR4gaAMLDD8jVSQSdX50f0ZmdAZ8TnV/BjsXImgDCVR8b18uAg98A29acm8cb1R8bxJhEDEhQyhaNixcPhN8I0UhGnxgAWFUcmFWLBojKBwjAzwhHCMDPCEcbwQ1KVk/EzM5EmEQMSFDKFo2LFw+E3wrUSEFNWFWLBojKBxvBDU'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!