commial / experiments

Experiments

Create extract-all.py #3

Closed CaledoniaProject closed 2 years ago

CaledoniaProject commented 2 years ago

A better version that extracts all LUAC files

commial commented 2 years ago

Hi,

Thanks for your proposal. Actually, I'm using another way to find & extract Lua files. Instead of looking for the pattern of the compiled Lua files, I iterate over the databases looking for SIGNATURE_TYPE_LUASTANDALONE, and extract the Lua script at that point.

That way, I can link the scripts to their associated threat (usually, !InfrastructureShared). The code is not yet published, but I plan to do so when I find time to clean it up a bit.

So, I'm closing the issue if that is OK with you. People can still grab the find & call part of your script from this PR.

CaledoniaProject commented 2 years ago

Yeah, that's totally OK, I'll wait for your code