Version 1.19.27, 11/22/2024 -------------------------- * Added --fake-language=LANG option for setting the language to return for Win32_OperatingSystem.OSLanguage. * Added --fake-domain=DOM option for setting the domain to return for WScript.Network.UserDomain. * Added tracking for XMLHTTP URLs. * Added emulation for FileSystemObject::GetFileName(). * Added emulation for WBEMScripting::execQuery(). * Added emulation for navigator.clipboard.writeText(). Version 1.19.26, 8/13/2024 -------------------------- * Added --prepended-code=default option for using the default box-js boilerplate.js file. * Added --limit-file-checks command line flag to switch faked file/folder exists behavior once many file check have been executed. Used to (potentially) break infinite file check loops. * Added --ignore-rewrite-errors command line flag. * Added --fake-script-engine command line flag. * Added --real-script-name command line option. * More browser DOM element emulations. * More ActiveX class emulations. * Make Math.Random() return a predictable series of values. This helps make emulation deterministic. * Bug fixes in JS code rewriting. Version 1.19.25, 6/27/2023 -------------------------- * Track execution of JS served out by a C2 as an IOC. * Track ActiveX object creations as IOCs. * Added a --fake-download command line flag that makes box-js fake valid HTTP responses. * Added a --fake-sample-name command line flag for specifying a fake file name for the analyzed sample. * Upgrade the Acorn JS parser package to most recent version. * Bug fixes in JS code rewriting. Version 1.19.24, 2/15/2023 -------------------------- * Added --activex-as-ioc command line flag for tracking ActiveX object creations as IOCs. * Added --fake-cl-args command line argument for providing fake command line arguments for the executing script. * Added --ignore-wscript-quit command line flag for ignoring WScript.Quit() calls during emulation. * Code rewrite bug fixes and speed ups. * Track addEventListener() as IOC. Version 1.19.20, 2/15/2023 -------------------------- * Added anti-emulation loop rewriting functionality. * Added functionality for faking being run with cscript.exe or wscript.exe. * Added functionality for throttling lots of small file writes. * Added support for WMI.GetObject.Run(). * Added support for ADODBStream.flush(). * Added support for InternetExplorer.Application. * Added support for XMLHttpRequest. * Added some stubbed JQuery functionality. * Added support for ScheduleService. * Track IOCs being passed through the '|' operator in analyzed JS code. * Added support for WindowsInstaller.installer.