generic_javascript_obfuscation in d1r90st78epsag.cloudfront.net

On 2019-12-02T02:52:27.054130+00:00 we found the pattern generic_javascript_obfuscation (type: Suspicious; JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property) in the page https://d1r90st78epsag.cloudfront.net... referenced from https://biqle.ru/watch/-150118546_456... .

Code sample:


This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we use the YARA standard).
