generic_javascript_obfuscation5 in maps.googleapis.com

On 2020-10-07T21:29:21.390641+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://maps.googleapis.com/maps-api-v3… referenced from https://sites.google.com/site/movinmakk… .

Code sample:

b'["$a",[8,,,,YM,"src",,,1],"$a",[0,,,,"false","draggable",,1],"$a",[0,,,,"48","height",,1],"$a",[0,,,,"14","width",,1]],["$a",[8,,,,ZM,"src",,,1],"$a",[0,,,,"false","draggable",,1],"$a",[0,,,,"48","height",,1],"$a",[0,,,,"14","width",,1]],["$a",[8,,,,XM,"src",,,1],"$a",[0,,,,"false","draggable",,1],"$a",[0,,,,"48","height",,1],"$a",[0,,,,"14","width",,1]],["$a",[8,,,,YM,"src",,,1],"$a",\n' … b'["exitFullscreen","\xc3\x81\xc3\xa6\xc3\xa4\xc2\x8a\xc3\x911\xc2\x8a\xc3\x91n\xc2\x96[\x1c\xc2\xad\xc3\xa7\xc2\xa7","mozCancelFullScreen","\xc2\x9a\xc3\x811\xc2\x8a\xc3\x91n\xc2\x96[\x1c\xc2\xad\xc3\xa7\xc2\xa7"]),zN=Object.freeze(["~\xc3\xa9e\xc2\xb1\xc3\x8a\xc3\x9ezw!jx\x1e","webkit~\xc3\xa9e\xc2\xb1\xc3\x8a\xc3\x9ezw!jx\x1e","moz~\xc3\xa9e\xc2\xb1\xc3\x8a\xc3\x9ezw!jx\x1e","MSFullscreenChange"]),uN=Object.freeze(["fullscreenEnabled","webkitFullscreenEnabled","\xc2\x9a\xc2\x8c\xc3\x85\xc2\xbaYRr\xc2\xb7\xc2\x9e\xc2\x9cI\xc3\x9anW\xc2\x9d","msFullscreenEnabled"]),AN=Object.freeze(["requestFullscreen","webkitRequestFullscreen","\xc2\x9a\xc2\x8c\xc3\x91z\xc2\xab\xc2\x9e\xc2\xb2\xc3\x91n\xc2\x96T\xc2\x9c\xc2\xad\xc3\xa7\xc2\xa7",' … b'["~\xc3\xa9e\xc2\xb1\xc3\x8a\xc3\x9ezw!jx\x1e","webkit~\xc3\xa9e\xc2\xb1\xc3\x8a\xc3\x9ezw!jx\x1e","moz~\xc3\xa9e\xc2\xb1\xc3\x8a\xc3\x9ezw!jx\x1e","MSFullscreenChange"]),uN=Object.freeze(["fullscreenEnabled","webkitFullscreenEnabled","\xc2\x9a\xc2\x8c\xc3\x85\xc2\xbaYRr\xc2\xb7\xc2\x9e\xc2\x9cI\xc3\x9anW\xc2\x9d","msFullscreenEnabled"]),AN=Object.freeze(["requestFullscreen","webkitRequestFullscreen","\xc2\x9a\xc2\x8c\xc3\x91z\xc2\xab\xc2\x9e\xc2\xb2\xc3\x91n\xc2\x96T\xc2\x9c\xc2\xad\xc3\xa7\xc2\xa7",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).