generic_javascript_obfuscation5 in c8n.mytrade.link

On 2020-09-03T10:58:04.696979+00:00 we found pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://c8n.mytrade.link/web-www/_next/… referenced from https://mytrade.link/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

Code sample:

b'["lg","xl"],py:["lg","xl"],h:["500px","452px"]},G(C.a,{w:"100%",h:"100%",pos:"i\xc2\xbb(\xc2\x96\xc3\xab^",top:"0",left:"0",src:r?i:a}),G(m.Flex,{pos:"\xc2\xad\xc3\xa9Z\xc2\xb6+\xc3\x9e",h:"100%",color:"white",flexDir:"column",justifyContent:[p||"flex-end","flex-start"]},n&&G(m.Box,{fontSize:["10px","12px"],letterSpacing:"2px",as:"span",dangerouslySetInnerHTML:{__html:n},mb:["20px","30px"]}),G(m.Flex,{w:["320px","600px"],lineHeight:[1.19,1.08],flexDir:"column"},o&&G(m.Heading,{size:"lg"},G(m.Box,{as:"span",dangerouslySetInnerHTML:{__html:o}})),s&&G' … b'["lg","xl"],h:["500px","452px"]},G(C.a,{w:"100%",h:"100%",pos:"i\xc2\xbb(\xc2\x96\xc3\xab^",top:"0",left:"0",src:r?i:a}),G(m.Flex,{pos:"\xc2\xad\xc3\xa9Z\xc2\xb6+\xc3\x9e",h:"100%",color:"white",flexDir:"column",justifyContent:[p||"flex-end","flex-start"]},n&&G(m.Box,{fontSize:["10px","12px"],letterSpacing:"2px",as:"span",dangerouslySetInnerHTML:{__html:n},mb:["20px","30px"]}),G(m.Flex,{w:["320px","600px"],lineHeight:[1.19,1.08],flexDir:"column"},o&&G(m.Heading,{size:"lg"},G(m.Box,{as:"span",dangerouslySetInnerHTML:{__html:o}})),s&&G(m.Box,{as:"spa' … b'["AE","SA","TR","EG","IN","CN","IT","CO","ZA","FR","GB","ID","PK","LB","KW",'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we are using the YARA standard).
