generic_javascript_obfuscation5 in trive.cc

On 2020-08-02T00:12:20.053899+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://trive.cc/js/jquery.appear.js referenced from http://trive.cc/ .

Code sample:

b"['append','prepend','after','before','attr','removeAttr','i\xc3\x97B\xc2\x95\xc2\xab,','removeClass','toggleClass','remove','css','show',"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!