generic_javascript_obfuscation in c8n.mytrade.link

On 2020-09-03T10:58:04.385077+00:00 we found the pattern generic_javascript_obfuscation (type: Suspicious) in the page https://c8n.mytrade.link/web-www/_next/… referenced from https://mytrade.link/. JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property.

Code sample:

b'var n=[],u=0,a=!1;t.forEach((~\xc3\xa9\xc3\x9c\xc2\xb6*\'(o,s){i.resolve(o).then((~\xc3\xa9\xc3\x9c\xc2\xb6*\'(r){n[s]=r,(u+=1)===t.length&&e(n)})).catch((~\xc3\xa9\xc3\x9c\xc2\xb6*\'(t){!~\xc3\xa9\xc3\x9c\xc2\xb6*\'(t){a||(a=!0,r(t))}(t)}))}))})):i.resolve([])},Promise===i)throw new Error("Please use SynchronousPromise.installGlobally() to install globally");var o=Promise;i.installGlobally=~\xc3\xa9\xc3\x9c\xc2\xb6*\'(t){if(Promise===i)return t;var e=~\xc3\xa9\xc3\x9c\xc2\xb6*\'(t){if("undefined"===typeof t||t.__patched)return t;var e=t;return(t=~\xc3\xa9\xc3\x9c\xc2\xb6*\'(){e.apply(this,n(arguments))}).__patched=!0,t}(t);return Promis' … b'\\xb1' … b'\\xf7' … b'\\x00' … b'\\x2f' … b'\\x40' … b'\\x5b' … b'\\x60' … b'\\x7b' … b'\\xbf' … b'\\x0b' … b'\\xa0' … b'\\xf6' … b'\\xf8' … b'\\xff' … b'\\xf6' … b'\\xf8' … b'\\xff' … b'\\xb1' … b'\\xf7' … b'\\x00' … b'\\x2f' … b'\\x40' … b'\\x5b' … b'\\x60' … b'\\x7b' … b'\\xbf' … b'\\x0b' … b'\\xa0' … b'\\xf6' … b'\\xf8' … b'\\xff' … b'\\xf6' … b'\\xf8' … b'\\xff'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using the YARA standard).
