generic_javascript_obfuscation in rodhaengefdr.info

On 2019-09-08T07:57:47.298045+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page https://rodhaengefdr.info/SYOLDZ?tag_id… JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:

b'atob' … b'"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'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
