generic_javascript_obfuscation5 in c8n.mytrade.link

On 2020-09-03T10:58:05.185470+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://c8n.mytrade.link/web-www/_next/… referenced from https://mytrade.link/ .

Code sample:

b'["md","md","md",0],mt:["xl","lg"],mb:["0","0","0","lg"],justify:"space-between",wrap:"wrap"},Ut(V.Flex,{direction:"column",w:["100%","100%","100%","50%"],mb:["xl","xl","xl","0"],minWidth:["auto","350px"]},Ut(V.Text,{fontWeight:"bold",' … b'["xl","lg"],mb:["0","0","0","lg"],justify:"space-between",wrap:"wrap"},Ut(V.Flex,{direction:"column",w:["100%","100%","100%","50%"],mb:["xl","xl","xl","0"],minWidth:["auto","350px"]},Ut(V.Text,{fontWeight:"bold",' … b'["0","0","0","lg"],justify:"space-between",wrap:"wrap"},Ut(V.Flex,{direction:"column",w:["100%","100%","100%","50%"],mb:["xl","xl","xl","0"],minWidth:["auto","350px"]},Ut(V.Text,{fontWeight:"bold",' … b'["100%","100%","100%","50%"],mb:["xl","xl","xl","0"],minWidth:["auto","350px"]},Ut(V.Text,{fontWeight:"bold",' … b'["md","md","md","0"],py:"lg",flexDirection:["column-reverse","column","column","row"],color:"white",textAlign:["left","left","center","inherit"],justifyContent:"space-between",alignItems:["start","center"]},e),Kt(V.Flex,{direction:["column","row"],maxW:"auto",pr:[0,0,0,"xl"]},Kt(V.Text,{mb:["lg","0"],size:"sm",' … b'["column-reverse","column","column","row"],color:"white",textAlign:["left","left","center","inherit"],justifyContent:"space-between",alignItems:["start","center"]},e),Kt(V.Flex,{direction:["column","row"],maxW:"auto",pr:[0,0,0,"xl"]},Kt(V.Text,{mb:["lg","0"],size:"sm",' … b'["auto","auto","auto","340px"],align:["start","center"],direction:["column","column","column","row"],justify:"space-between",flexGrow:1,mb:["xl",' … b'["animate","backgroundColor","backgroundOpacity","baseUrl","r\x18\xc2\xa5v\xc2\xb7\xc2\xa7","foregroundColor","foregroundOpacity","gradientRatio","uniqueKey","\xc2\x8a{^\xc2\xae\xc3\xb6\xc2\xa5","rtl","speed","style","title"]),v=l||Math.random().toString(36).substring(6),m=v+"-diff",y=v+"-animated-diff",O=v+"-aria",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!