generic_javascript_obfuscation in wilburshort.pro

On 2019-10-04T20:17:57.400077+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page https://wilburshort.pro/v2/a/pop/imp. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:

b'atob' … b'atob' … b'atob' … b"'bG9jYWxfZGF0ZV90aW1l'" … b"'cmVzb2x2ZWRPcHRpb25z'" … b"'bXNNYXhUb3VjaFBvaW50cw=='" … b"'Y29va2llc19lbmFibGVk'" … b"'X193ZWJkcml2ZXJfZXZhbHVhdGU='" … b"'X19zZWxlbml1bV9ldmFsdWF0ZQ=='" … b"'X193ZWJkcml2ZXJfc2NyaXB0X2Z1bmN0aW9u'" … b"'X193ZWJkcml2ZXJfc2NyaXB0X2Z1bmM='" … b"'X193ZWJkcml2ZXJfc2NyaXB0X2Zu'" … b"'X19meGRyaXZlcl9ldmFsdWF0ZQ=='" … b"'X19kcml2ZXJfdW53cmFwcGVk'" … b"'X193ZWJkcml2ZXJfdW53cmFwcGVk'" … b"'X19kcml2ZXJfZXZhbHVhdGU='" … b"'X19zZWxlbml1bV91bndyYXBwZWQ='" … b"'X19meGRyaXZlcl91bndyYXBwZWQ='" … b"'X1NlbGVuaXVtX0lERV9SZWNvcmRlcg=='" … b"'ZG9jdW1lbnRFbGVtZW50'" … b"'c2V0UmVxdWVzdEhlYWRlcg=='" … b"'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='" … b'"ZVYGMhNTDxYFAExQW1wcMRQIHRUSDQRnVFVbXUoWCUI="'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using the YARA standard).
