generic_javascript_obfuscation in dc5k8fg5ioc8s.cloudfront.net

On 2020-01-15T09:29:07.662086+00:00 we found pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://dc5k8fg5ioc8s.cloudfront.net/... referenced from https://biqle.ru/watch/-150118546_456... .

Code sample:

b'atob' … b'atob' … b'"qTbMCzr2ge8ZDyl8CTJZC7VZBTJZC6r2gfqHAy0IhjJSgetVp7tZgNVUB7FIp7tZgNVHAfm9hfs2gMxUAM0QBHJSgeFICHJSge4Np7tZCMk2gMxGhetZg7I2gMVRAe4Pp7tPC7l5DexIp7tQp7tIgeqRp7tIB74UhjJSBy06p7tLhzU2gM0KhyxNhjJSB74VhdJSB70SCHJSB709WjJSB6U2gNtZWMVIAexKp7tGhexHDdJSCMV9AfqOp7tGDe4VDzmVp7t8C7Y2gNlHDzU2g7xJCHJTgfq9Ae4Np7qZC6lZBdJTgNn2g7lPp7qOgfq9Afm4p7qOhex9Ae4Np7qOhelGBylZhylGp7qOAeqRp7qODetSWjJTB7FIheDVp7qLByFPBNr2g70IB78SAew2g70JCyVIgfmPB752g70Khy0JCHJTB6qEByx4p7qLDeDZCTJTCM09g7ZIhfqHp7q8ByVZCTJTDe92g6lGDMlUp7q8CNh4p7q8Dyk2g6PVg7Y' … b'"gMVNsyxHCHJSAeCYgNl9DdJSAeCYhyVTAHJSAeCYDyV9CHJSAeDZC6r2gMVNgMxIBzr2gMVNgM0LgNr2gMVNg70TAHJSAeDUAeqRp7tPh74PCzbIhfr2gMVNDyV9CHJSgNC2gMFLD7PLgTJTAfm4C7l5p7q8g7JLByn2g6VShftEB6tKp7mPhyFLp7mPBymLp7mLBeVKgfmGAfY2hftLDyVTp7lGB6mPAHJVC7qLCNn2hfZLDyVTp7hPBMDVCMVKhHJMDeqRp7t8DzmEBzlNp7rGgHJMDfY2AyxKhyPLgTJRCy0GBM12BexHDzlGgMx9p78NCdJJBeg2B6tZBdJLCMDZC792B6tNAelHp70Gh6U2CylKAfr2Cy0GBNq9gfs2CzlHC6U2DyDEp6mLCyFVC6r2DMVSCMx9B6s2g7FZBfbHp7qIAe8ZWdJTByV9p7qLg7I2We08Cy0GBTJTDe8HAy09p7q8BfqOB6C2g6lKBMVIAe4NDfr2g6lKDdJUhel'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!