generic_javascript_obfuscation5 in cdn.livechatinc.com

On 2020-06-30T21:06:34.000207+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://cdn.livechatinc.com/widget/stat… referenced from http://www.nilai.edu.my/ .

Code sample:

b'["application","clientLimitExceededLifted"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:!1},eyeCatcherHidden:{path:["application","eyeCatcher","hidden"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:!1},invitationHiddenIds:{path:["application","invitation","hiddenIds"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:[]},invitationDisplayedIds:{path:["application","invitation","v+)\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbdt\xef\xbf\xbdl"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:[]},maximized:{path:["application","maximized"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:!1},muted:{path:["application",' … b'["application","eyeCatcher","hidden"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:!1},invitationHiddenIds:{path:["application","invitation","hiddenIds"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:[]},invitationDisplayedIds:{path:["application","invitation","v+)\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbdt\xef\xbf\xbdl"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:[]},maximized:{path:["application","maximized"],u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd:!1},muted:{path:["application",' … b'["name","\xef\xbf\xbd\xe7\xac\xb6*\'","email","r\x17\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd1","r\x17\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd1_for_email","radio","skill","select",' … b'["id","r\xef\xbf\xbd-\xef\xbf\xbdb\x1d","j\xef\xbf\xbda\xef\xbf\xbd\xef\xbf\xbd\x1d","timestamp","\xef\xbf\xbd\x1a\xef\xbf\xbdi\xef\xbf\xbd\x1d","properties","seen","\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbdz\xef\xbf\xbd\x1d","type","text",' … b'["r\x18\xef\xbf\xbdv\xef\xbf\xbd\xef\xbf\xbd","authorName","deliveryStatus","isOwn","date","showMetaOnClick","onSeen","radiusType",' … b'["active","r\x18\xef\xbf\xbdv\xef\xbf\xbd\xef\xbf\xbd","u\xef\xbf\xbd\xda\xba[Uj[\xef\xbf\xbd","onButtonClick","\xef\xbf\xbdp\xef\xbf\xbdjx\x1e","onKeyDown","onSend","onValueChange",' … b'["allowFileUpload","mobile","onHeightChange","onSendMessage","allowInput","\xef\xbf\xbd\xef\xbf\xbd(\xef\xbf\xbdw\xef\xbf\xbd\xef\xbf\xbd)\xef\xbf\xbd","\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\x16)^","sendMessage","setMessageDraft","applicationFocused","onFocusChange",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!