cuckoosandbox / community

Repository of modules and signatures contributed by the community

Minor signature fixes and additions #434

Open Brae opened 6 years ago

Brae commented 6 years ago

Previously js_eval.py simply reported 'Executed javascript' for any COleScript::Compile hook result, but since the VBScript hooking refers to the same function name this incorrectly identifies the language. Added check for VB content.
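The kind of content check described in the comment above, as an added example that is not code from this pull request or from Cuckoo: it labels each `COleScript::Compile` hook result by the language of the compiled source instead of assuming JavaScript. The record layout, the marker lists, and every label other than 'Executed javascript' are assumptions made for illustration.

```python
import re

HOOK_NAME = "COleScript::Compile"  # hook name as written in the PR comment

# Constructs that only parse as VBScript (the language is case-insensitive).
VB_MARKERS = [re.compile(p, re.I | re.M) for p in (
    r"^\s*Dim\s+\w+",
    r"^\s*Set\s+\w+\s*=",
    r"\bOn\s+Error\s+Resume\s+Next\b",
    r"\bEnd\s+(?:Sub|Function|If)\b",
    r"(?<![.\w])CreateObject\s*\(",   # bare call, not WScript.CreateObject
)]
# Constructs that only parse as JScript/JavaScript (case-sensitive).
JS_MARKERS = [re.compile(p, re.M) for p in (
    r"\bvar\s+\w+",
    r"\bfunction\b[^\n{]*\{",
    r"\bnew\s+ActiveXObject\b",
    r"\btry\s*\{",
    r";\s*$",
)]
LABELS = {  # only the javascript label comes from the page
    "javascript": "Executed javascript",
    "vbscript": "Executed VBScript",
    "unknown": "Executed script (language undetermined)",
}

def classify_script(source):
    """Count distinct markers per language; a tie is reported as unknown."""
    vb = sum(1 for m in VB_MARKERS if m.search(source))
    js = sum(1 for m in JS_MARKERS if m.search(source))
    if vb == js:
        return "unknown"
    return "vbscript" if vb > js else "javascript"

def describe_compile_calls(calls):
    """Return one description per compile-hook record, ignoring other APIs."""
    return [LABELS[classify_script(c.get("arguments", {}).get("script", ""))]
            for c in calls if c.get("api") == HOOK_NAME]

# Constructed hook records (hypothetical shape, not Cuckoo's report schema).
SAMPLE_CALLS = [
    {"api": HOOK_NAME, "arguments": {"script":
        'Dim sh\nSet sh = CreateObject("WScript.Shell")\nOn Error Resume Next\n'}},
    {"api": HOOK_NAME, "arguments": {"script":
        'var sh = new ActiveXObject("WScript.Shell");\nfunction run(c) { return sh.Run(c); }\n'}},
    {"api": "CreateProcessInternalW", "arguments": {"command_line": "wscript.exe"}},
    {"api": HOOK_NAME, "arguments": {"script": "1+1"}},
]

if __name__ == "__main__":
    print(describe_compile_calls(SAMPLE_CALLS))
```

Reporting a tie as undetermined keeps the signature from asserting a language it has no evidence for, which is the misattribution the comment describes.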

Brae commented 5 years ago

Added basic extractor for Kraken Cryptor ransomware configs. Only shows most relevant info; limitations in push_config make it hard to show all the data.