generic_javascript_obfuscation in hb.vntsm.com

On 2019-11-27T04:32:03.575719+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://hb.vntsm.com/v3/live/ad-manager…

The suspicious code sample:

b'\\x20' … b'\\xa0' … b'atob' … b'"mhlMtnISrt2QFHlnECLplsRXDAA"' … b'"venatusmedia1471000561904"' … b'"getOldestHighestCpmBid"' … b'"getLatestHighestCpmBid"' … b'"3021300906052b0e03021a05000414"' … b'"302d300d06096086480165030402040500041c"' … b'"3031300d060960864801650304020105000420"' … b'"3041300d060960864801650304020205000430"' … b'"3051300d060960864801650304020305000440"' … b'"3021300906052b2403020105000414"' … b'"tripleliftAdapterSpec"'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!