generic_javascript_obfuscation5 in d1af033869koo7.cloudfront.net

On 2021-04-05T07:41:40.957447+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://d1af033869koo7.cloudfront.net/ps…

Code sample:

b'["111003","111004","400101","400102","400103","400104","705000","705001","705002","705003","705004","705005","705006","705007","705008","705009","705010","705011","705012","705013","705014","705015","705016","705017","705018","705019",' … b'["AcroPDF.PDF","Adodb.Stream","AgControl.AgControl","DevalVRXCtrl.DevalVRXCtrl.1","MacromediaFlashPaper.MacromediaFlashPaper","Msxml2.DOMDocument","Msxml2.XMLHTTP","PDF.PdfCtrl","QuickTime.QuickTime","QuickTimeCheckObject.QuickTimeCheck.1","RealPlayer",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).