generic_javascript_obfuscation5 in js.driftt.com

On 2020-10-08T02:12:13.215794+00:00 we found the pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://js.driftt.com/include/160212330… referenced from http://triggeredmail.appspot.com/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

Code sample:

b'["hidden","sidebar-opened","sidebar-opened-half-height",Fn,"sidebar-closed-with-welcome-message-expanded",Kn,Gn,"slider","sidebar-closed","sidebar-closed-with-preview","sidebar-closed-with-email-capture-slider","consent-takeover-large","consent-takeover-large-video","consent-takeover-large-half-height","consent-takeover-small"],or=(In={},rt()(In,"hidden",jn),rt()(In,"iframe-takeover",$n),rt()(In,"sidebar-opened",Vn),rt()(In,"sidebar-opened-half-height",Jn),rt()(In,"zf\xc3\x9eu\xc3\x97\xc2\x9d-messenger",qn),rt()(In,Fn,Ln),rt' … b'["locale","zv\xc2\x9b\xc2\x95\xc3\xa5\xc2\x9e\xc2\x95\xc3\x8a&x\xc3\x87\xc2\xac\xc2\xb1\xc2\xa8\x1e","enableCampaigns","enableChatTargeting","enableChatIfConversationHistory","zv\xc2\x9b\xc2\x95\xc3\xa4\xc3\xa2\xc2\xb6W\xc2\x8d\xc2\xa2\xc3\x98\xc2\x9f\xc2\x89\xc3\x86\xc2\xad\xc2\x8a\xc2\x89\xc3\xac","zv\xc2\x9b\xc2\x95\xc3\xa4\xc2\xa8\xc2\xbawM\xc2\xa2\xc3\x98\xc2\x9f\xc2\x89\xc3\x86\xc2\xad\xc2\x8a\xc2\x89\xc3\xac","backgroundColor","foregroundColor","activeColor","textColor","widgetBackgroundColor","j\xc3\xabh\x02\xc3\x8b"\xc2\x82w\xc2\x9eId","j\xc3\xabh\x02\xc3\x8b"\xc2\x82w\xc2\x9e","inboxId","\xc3\x82\'`z\xc3\x94\xc2\xadj\xc3\x9b\xc2\xac","widgetMode","welcomeMessageDelay","disableNewConversations","disableSidebarClose","enabled","profileMode","driftVideoMode","v\xc2\xb8\xc2\x9f\xc2\xb5X\xc2\x9dz\xc2\x80\xc2\x9a\xc2\x9a\xc2\x96\xc2\xa2\xc2\x82r\x1d","conversationVisibility","vide' … b'["init","load","unload","config","\xc2\x89\xc3\x97\xc2\xa7\xc2\xb6\'\xc3\xb2","setUserJwt","waitForUserJwt","track","page","debug","on","off","show","hide",' … b'["{","}","|","\\","^","`"].concat(["<",">",\'"\',"`",'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).