hex_script in buocchanviet.net

On 2020-04-23T12:23:16.304961+00:00 we found pattern hex_script, type: Suspicious, (HTML <script> tag encoded in hex is a popular evasion technique in JavaScript malware) in the page http://buocchanviet.net/codeblog/java.js referenced from http://tranvachthachcaodeptphcm.blogspo… .

Code sample:

b'\\x73\\x63\\x72\\x69\\x70\\x74\\x22'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!