generic_javascript_obfuscation in nlighttomayorw.info

On 2019-12-02T03:03:24.979469+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://nlighttomayorw.info/GUWCBJ?tag_…

The suspicious code sample:

b'atob' … b'"SFNVS04TcWxlfGp/d3N8eWthcmxkcXdnbH1lYXx6f2Jhf3l/ZGR4fXlgYnpsZHFlKiotZjRzfWU2Zi8oZWdsKHxlMmN8KGVrYSp4fmtmfihwYTNpYmoRGTJ7JmZlegotYxksOXEpERt5Ij8BBRoiBCY6ETkDIj06LTFkfj5xABc9DRERMDF3GWURDgMuZiwABQwmMTs+KiIlHQwwOjcCFwYUYS0cGzh4BjQDaj5pYmowOSQ9LXF5aS0kPCYubGRxNichOzZ3Z35kcXdnbCo/NCUlan93aWJqcXlpbGQ1NCc9LX8zKiI7NnkQbCYxNy1sZHElJXwjcXlpKC0qbWliaisweztqf3c8diE2d2dsOydseWxkcTEnOCFxeWk8JSs9aWJqPzgud2p/dy40PTx3Z2w4Y3dnbDhid2dsOGF3Z2w4YHdnbDhnd2dsOGZ3Z2w4ZXdnbDhkd2dsOGt3Z2w4andnbDhiZWkTZGR5aWxkNTQnPS1/Oz4iJH87PiIkf3c'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!