generic_javascript_obfuscation5 in www.terabilisim.com

On 2020-05-06T18:04:29.903211+00:00 we found the pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://www.terabilisim.com/resource/si… referenced from https://www.terabilisim.com/blog/phishi… . JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

Code sample:

b'["paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m","paddingTop","paddingBottom","marginLeft","marginRight","marginTop","\xc2\x99\xc2\xaa\xc3\xa0\xc2\x8aph\xc2\xb6\xc3\x9a&","borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","borderTopWidth",' … b'["\xc2\xa2\xc3\xabek\'\xc2\xab/\xc2\xa2\xc3\xabek\'\xc2\xab","get-size/get-size","matches-selector/matches-selector","fizzy-ui-utils/utils","isotope/js/item","isotope/js/layout-mode","isotope/js/layout-modes/masonry","isotope/js/layout-modes/fit-rows",' … b'["paddingLeft","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m","paddingTop","paddingBottom","marginLeft","marginRight","marginTop","\xc2\x99\xc2\xaa\xc3\xa0\xc2\x8aph\xc2\xb6\xc3\x9a&","borderLeftWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","borderTopWidth",' … b"['Years','Months','Weeks','Days','Hours','Minutes','Seconds'],labels1:['Year','Month','Week','Day','Hour','Minute','Second'],compactLabels:['y','m','w','d'],whichLabels:null,digits:['0','1','2','3','4','5','6','7','8','9'],timeSeparator:':',isRTL:false}},_getters:['\xc2\x81\xc3\xabS\xc2\x8ag\xc2\xac'],_rtlClass:w+'-rtl',_sectionClass:w+'-section',_amountClass:w+'-amount',_periodClass:w+'-period',_rowClass:w+'-row',_holdingClass:w+'-holding',_showClass:w+'-show',_descrClass:w+'-descr'," … b"['Year','Month','Week','Day','Hour','Minute','Second'],compactLabels:['y','m','w','d'],whichLabels:null,digits:['0','1','2','3','4','5','6','7','8','9'],timeSeparator:':',isRTL:false}},_getters:['\xc2\x81\xc3\xabS\xc2\x8ag\xc2\xac'],_rtlClass:w+'-rtl',_sectionClass:w+'-section',_amountClass:w+'-amount',_periodClass:w+'-period',_rowClass:w+'-row',_holdingClass:w+'-holding',_showClass:w+'-show',_descrClass:w+'-descr'," … 
b"['y','m','w','d'],whichLabels:null,digits:['0','1','2','3','4','5','6','7','8','9'],timeSeparator:':',isRTL:false}},_getters:['\xc2\x81\xc3\xabS\xc2\x8ag\xc2\xac'],_rtlClass:w+'-rtl',_sectionClass:w+'-section',_amountClass:w+'-amount',_periodClass:w+'-period',_rowClass:w+'-row',_holdingClass:w+'-holding',_showClass:w+'-show',_descrClass:w+'-descr'," … b"['0','1','2','3','4','5','6','7','8','9'],timeSeparator:':',isRTL:false}},_getters:['\xc2\x81\xc3\xabS\xc2\x8ag\xc2\xac'],_rtlClass:w+'-rtl',_sectionClass:w+'-section',_amountClass:w+'-amount',_periodClass:w+'-period',_rowClass:w+'-row',_holdingClass:w+'-holding',_showClass:w+'-show',_descrClass:w+'-descr',"

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using the YARA standard).
