generic_javascript_obfuscation in tamilyogi.vip

On 2019-12-20T16:50:48.770622+00:00 we found the pattern generic_javascript_obfuscation (type: Suspicious) in the page https://tamilyogi.vip/wp-content/cache/… referenced from https://tamilyogi.fm/category/tamilyogi…. JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property.

Code sample:

b'var v=["\\u002f\\u002f\\x63\\u0031.\\u0070o\\x70\\x61\\u0064\\x73.\\u006ee\\x74\\u002f\\u0070\\x6f\\u0070\\u002ejs","/\\x2fc2.\\u0070\\x6f\\x70\\x61d\\x73\\x2e\\u006ee\\u0074\\u002fp\\x6fp.j\\u0073","/\\x2f\\x77\\u0077\\u0077.\\x78\\u006e\\x68\\x63\\x68\\x75v\\x74\\u006f\\u0071\\u006b\\x2e\\u0063om\\u002f\\x73\\x76\\u0077\\u0063\\x2ej\\x73","\\x2f\\u002f\\x77\\x77\\x77\\x2ew\\u0071\\u006d\\x6ay\\x62q\\x71\\x68z\\x2ec\\u006fm\\x2f\\x68.\\x6a\\u0073",""],x=0,u,n=function(){if(""==v[x])return;u=p["\\u0064\\x6f\\u0063\\x75\\x6d\\u0065nt"]["c\\u0072e\\u0061\\u0074e\\u0045\\u006c\\x65\\u006d\\x' …

This feature is experimental, so please feel free to contact us if you think any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
