generic_javascript_obfuscation5 in sharevue.org

On 2020-06-30T22:17:07.488980+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://sharevue.org/csp/healthshare/ag… referenced from https://sharevue.stjoe.org/ .

Code sample:

b'["deep-silver","shade-silver","glow-silver","glow-silverHz","glow-silverDiag","deep-red","shade-red","glow-red","glow-redHz","glow-redDiag","deep-green","shade-green","glow-green","glow-greenHz","glow-greenDiag","deep-blue","shade-blue","glow-blue","glow-blueHz","glow-blueDiag","deep-yellow","shade-yellow","glow-yellow","glow-yellowHz","glow-yellowDiag","deep-purple","shade-purple","glow-purple","glow-purpleHz","glow-purpleDiag","deep-teal","shade-teal","glow-teal","glow-tealHz","glow-tealDiag","deep-orange' … b"['color','backgroundColor','textAlign','fontFamily','~\xc2\x89\xc3\xadJ,\xc3\x9e','margin','padding','opacity','n\xc2\x8a\xc3\x9dz\xc2\xb4Zv+\xc2\xac','top','left','right','left','width','height'," … b"['color','backgroundColor','fontFamily','~\xc2\x89\xc3\xadJ,\xc3\x9e','margin','padding','opacity','n\xc2\x8a\xc3\x9dz\xc2\xb4Zv+\xc2\xac','top','left','right','left','width'," … b"['color','background-color','font-family','font-size','margin','padding','opacity','border-radius','top','left','right','left','width',"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!