generic_javascript_obfuscation in kanboard.juancamos.com

On 2020-03-26T11:22:27.505005+00:00 we found pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://kanboard.juancamos.com/assets... referenced from https://kanboard.juancamos.com/ .

Code sample:

b'var t=[];for(var e in n)t.push(e);return t},ao.values=~\xe9\xdc\xb6*\'(n){var t=[];for(var e in n)t.push(n[e]);return t},ao.entries=~\xe9\xdc\xb6*\'(n){var t=[];for(var e in n)t.push({key:e,value:n[e]});return t},ao.merge=~\xe9\xdc\xb6*\'(n){for(var t,e,r,i=n.length,u=-1,o=0;++u<i;)o+=n[u].length;for(e=new Array(o);--i>=0;)for(r=n[i],t=r.length;--t>=0;)e[--o]=r[t];return e};var xo=Math.abs;ao.range=~\xe9\xdc\xb6*\'(n,t,e){if(arguments.length<3&&(e=1,arguments.length<2&&(t=n,n=0)),(t-n)/e===1/0)throw new Error("infinite range");var r,i=[],u=a(xo(e' … b'var t=[];for(var e in n)t.push(n[e]);return t},ao.entries=~\xe9\xdc\xb6*\'(n){var t=[];for(var e in n)t.push({key:e,value:n[e]});return t},ao.merge=~\xe9\xdc\xb6*\'(n){for(var t,e,r,i=n.length,u=-1,o=0;++u<i;)o+=n[u].length;for(e=new Array(o);--i>=0;)for(r=n[i],t=r.length;--t>=0;)e[--o]=r[t];return e};var xo=Math.abs;ao.range=~\xe9\xdc\xb6*\'(n,t,e){if(arguments.length<3&&(e=1,arguments.length<2&&(t=n,n=0)),(t-n)/e===1/0)throw new Error("infinite range");var r,i=[],u=a(xo(e)),o=-1;if(n*=u,t*=u,e*=u,0>e)for(;(r=n+e*++o)>t;)i.push(r/u);el' … b'var t=[];for(var e in n)t.push({key:e,value:n[e]});return t},ao.merge=~\xe9\xdc\xb6*\'(n){for(var t,e,r,i=n.length,u=-1,o=0;++u<i;)o+=n[u].length;for(e=new Array(o);--i>=0;)for(r=n[i],t=r.length;--t>=0;)e[--o]=r[t];return e};var xo=Math.abs;ao.range=~\xe9\xdc\xb6*\'(n,t,e){if(arguments.length<3&&(e=1,arguments.length<2&&(t=n,n=0)),(t-n)/e===1/0)throw new Error("infinite range");var r,i=[],u=a(xo(e)),o=-1;if(n*=u,t*=u,e*=u,0>e)for(;(r=n+e*++o)>t;)i.push(r/u);else for(;(r=n+e*++o)<t;)i.push(r/u);return i},ao.map=~\xe9\xdc\xb6*\'(n,t){var ' … b'var h=[];r!==u&&r!==o;)h.push(r),r=e();t&&null==(h=t(h,s++))||a.push(h)}return a},e.format=~\xe9\xdc\xb6*\'(t){if(Array.isArray(t[0]))return e.formatRows(t);var r=new y,i=[];return t.forEach(~\xe9\xdc\xb6*\'(n){for(var t in n)r.has(t)||i.push(r.add(t))}),[i.map(o).join(n)].concat(t.map(~\xe9\xdc\xb6*\'(t){return i.map(~\xe9\xdc\xb6*\'(n){return o(t[n])}).join(n)})).join("\\n")},e.formatRows=~\xe9\xdc\xb6*\'(n){return n.map(u).join("\\n")},e},ao.csv=ao.dsv(",","\xb5\xecm\xfd\xcb/"),ao.tsv=ao.dsv("\t","text/tab-separated-values");var oa,aa,la,ca,fa=this[x(this,"requestAnim' … b'var sa=["y","z","a","f","p","n","\\xb5' … b'\\xA0' … b'\\xA0' … b'\\x20' … b'\\xa0' … b'\\x1f' … b'\\x7f' … b'\\x1f' … b'\\x7f' … b'\\x20' … b'\\x20' … b'\\x20' … b'\\x20' … b'\\x20' … b'\\x00' … b'\\xb5' … b'\\x00' … b'\\x1f' … b'"navigationAsDateFormat"' … b'"select2/selection/base"' … b'"select2/selection/placeholder"' … b'"select2/data/tokenizer"' … b'"select2/data/minimumInputLength"' … b'"select2/data/maximumInputLength"' … b'"select2/data/maximumSelectionLength"' … b'"maximumSelectionLength"' … b'\'/minimumResultsForSearch"' … b'"minimumResultsForSearch"' … b'"requestAnimationFrame"' … b'"withTransitionForExit"' … b'"withTransitionForAxis"' … b'"withTransitionForTransform"' … b'"normalizedPathSegList"' … b'"animatedNormalizedPathSegList"' … b'"withTransitionForTransform"' … b'%20' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%60' … b'%1e' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%10' … b'%12' … b'%10' … b'%12' … b'%10' … b'%1e' … b'%60' … b'%36' … b'%36' … b'%36' … b'%36' … b'%36' … b'%36' … b'%36'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!