generic_javascript_obfuscation2 in www.mude.pt

On 2020-05-23T19:26:01.359014+00:00 we found pattern generic_javascript_obfuscation2, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://www.mude.pt/public/js/plugins.js referenced from https://mude.pt/ .

Code sample:

b'atob' … b'atob' … b'atob' … b"'w7nCnCdHw5DCrMKFwrlFHWo+Gm06w6Mewo8CIHoWwpM/RMO2AHHCk1HCpGXDvsO0CsKLw7HCtsKEahwbwprCmAImwpxfw4fCn8OhN8OYaFTDv1ZPA8KIw63CqcK3WMOPw7TCi8K+RsK6wprDrC9GdRkvfXzDtWnChWrDqcOrdU9TwrbCrFzDrGDCucOsw7jCnzXCt8OFMlMx'" … b"'McKzwr7Ct8OqwpIwV35RwqAzw6PDtS3ChG1tG8KHSnQLFsONwojCmHDDs8Kgwos9wqPDtRvCi8OwZcOwbsOuwpt8wofCviZkwrVzwqrDp8Otwr/Ctw=='" … b"'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!