{"id":3223,"date":"2018-06-15T19:26:05","date_gmt":"2018-06-15T19:26:05","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132863"},"modified":"2018-06-15T19:26:05","modified_gmt":"2018-06-15T19:26:05","slug":"wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/","title":{"rendered":"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/06\/15145328\/malware2.png\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>A fresh FBI charge against Marcus Hutchins has led to the Kronos banking trojan and the UPAS Kit backdoor being linked in the news over the past week.<\/p>\n<p>However, a fresh analysis this week shows that, at least on a code level, the similarities (and differences) between the two are far from conclusive.<\/p>\n<p>Hutchins (a.k.a. \u201cMalwareTech\u201d) came to public attention in May of last year after <a href=\"https:\/\/www.malwaretech.com\/2017\/05\/how-to-accidentally-stop-a-global-cyber-attacks.html\" target=\"_blank\" rel=\"noopener\">discovering a hardcoded \u201ckill switch\u201d<\/a> for the WannaCry ransomware that stopped the infamous campaign in its tracks. He was hailed a hero by the security community, given that WannaCry was at the time wreaking havoc in more than 150 countries, impacting large and small companies alike and causing millions in damages worldwide.<\/p>\n<p>The accolades didn\u2019t last long: The FBI in August 2017 <a href=\"https:\/\/threatpost.com\/marcus-hutchins-only-certainty-is-uncertainty\/127270\/\" target=\"_blank\" rel=\"noopener\">hit the kill switch hero with cybercrime charges<\/a>, for contributing to the development of the Kronos malware. Kronos has been around since June 2014, according to Malwarebytes, and began life as a banking trojan with ties to the leaked Zeus source code, as its name suggests. More recently, according to <a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/kronos-banking-trojan-used-to-deliver-new-point-of-sale-malware\" target=\"_blank\" rel=\"noopener\">an analysis<\/a> from Proofpoint, criminals have been seen using it as a downloader for follow-on malware, like point-of-sale skimmers.<\/p>\n<p>Hutchins, who is living in California on bail while he awaits his court date, was then handed fresh charges last week; the FBI is now alleging that he conspired with the same person who first advertised Kronos on the Dark Web \u2013 one Russian-speaking \u201cVinnyk,\u201d according to <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/08\/inside-kronos-malware\/\" target=\"_blank\" rel=\"noopener\">Malwarebytes<\/a> and the indictment \u2013 to distribute the <a href=\"https:\/\/malware.dontneedcoffee.com\/2012\/08\/inside-upas-kit1.0.1.1.html\" target=\"_blank\" rel=\"noopener\">UPAS Kit<\/a> malware, which is a backdoor spy-bot that is mainly used in the wild to download other malicious components.<\/p>\n<p>Despite the differences between the payload functions, Check Point researchers decided to take a look at the two codebases to see if any links could be made.<\/p>\n<p>Most significantly, \u201cboth pieces of malware\u2026 operate as user land rootkits, i.e. malware that uses various techniques in order to cover its own tracks and hide from system monitoring mechanisms,\u201d said Check Point researcher Mark Lechtik, in an interview. \u201cThese are not very common in the wild in general.\u201d<\/p>\n<p><strong>Kind of the Same, Kind of Different<\/strong><\/p>\n<p>In a comparison of the UPAS Kit and the Kronos banking trojan, Check Point also found a few other areas of overlap. For instance, UPAS Kit makes usage of multiple low-level ntdll functions and resolves their addresses during run-time.<\/p>\n<p>\u201cWhile it may serve as a means to thwart analysis, this is not a very sophisticated trick on its own,\u201d wrote Lechtik, in <a href=\"https:\/\/research.checkpoint.com\/deep-dive-upas-kit-vs-kronos\/\" target=\"_blank\" rel=\"noopener\">an analysis<\/a>. \u201cIn fact, a similar method is used in the Kronos malware to achieve the same goal. However, in this case the function names are not kept in cleartext in the binary, but rather as string hashes.\u201d<\/p>\n<p>There is also some overlap on the order of loaded functions (i.e. the order in which the table entries reside within the binary), the analysis pointed out; and, there\u2019s also a similarity in the implementation of the MD5 function in that they both create a mutex name in a similar manner.<\/p>\n<p>Also, there\u2019s a similarity when it comes to conducting a successful injection. UPAS Kit and Kronos take different tacks \u2013 however, \u201cboth present an attempt to elevate the malware\u2019s process token to SeDebugPrivilege, which is not mandatory for the injection to succeed,\u201d Lechtik noted.<\/p>\n<p>Meanwhile, on the evading-sandboxes front, UPAS and Kronos differ substantially, researchers found. For instance, both avoid detection by identifying the ThreatExpert sandbox, and perform checks to see if VMWare is running. In terms of process though, how the equivalent checks are made differ quite a bit, Check Point found.<\/p>\n<p>\u201c[Kronos\u2019] checks cover more scenarios than [UPAS Kit], which may imply that the evasion procedures were written by different authors, or the same one taking a different approach to the problem,\u201d wrote Lechtik.<\/p>\n<p>The reverse-engineering analysis also uncovered that the hooking method used by Kronos is quite different from UPAS Kit, even though here too, there are similarities.<\/p>\n<p>\u201cAlthough both conduct inline hooking, Kronos uses a much more stable and safe implementation,\u201d the analysis points out. \u201cInline hooking introduces a concurrency issue whereby a context switch that occurs before all stolen bytes are overwritten may cause a system crash if the hooked function is called (since it\u2019s code is not in a consistent state). Therefore, the Kronos hooking method uses an atomic write of the prologue bytes using the instruction \u2018lock cmpxch8b\u2019. In this sense, the hooking engine of UPAS Kit is a lot simpler, and instead carries out an unsafe write with WriteProcessMemory function.\u201d<\/p>\n<p>However, when it comes to the hook functions themselves, eight of them appear in a similar form within Kronos, and serve the exact same purposes.<\/p>\n<p>\u201cThis suggests that part of the rootkit component in those binaries was possibly reused,\u201d Lechtik wrote.<\/p>\n<p><strong>Bottom Line<\/strong><\/p>\n<p>Ultimately, Lechtik concluded that neither of the malwares use particularly novel techniques or exhibit positively identifying \u201cfingerprints\u201d of their authors.<\/p>\n<p>While there are some similarities in implementation of particular pieces of code, they don\u2019t necessarily mean the two were written by the same author, he added.<\/p>\n<p>\u201cThey could be result of reusing particular chunks of code from a single code repository that was available to several malware authors,\u201d he told Threatpost. \u201cIt\u2019s really hard to make a call whether both were written by the same author or not. The similarities between them could point at an author that shifted from one malware to another, and in that process improved his techniques, or otherwise totally different crooks who had access to some mutual code base. What can be said is that there is some resemblance in coding style.\u201d<\/p>\n<p>Bottom line? \u201cIt\u2019s really hard to suggest anything by only looking at the code,\u201d Lechtik said. \u201cWhile the facts do show some similarities between the two pieces of malware, we should refrain from pointing fingers as a result of this.\u201d<\/p>\n<p>READ MORE <a href=\"https:\/\/threatpost.com\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/132863\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Feds say Marcus Hutchins is behind both the UPAS Kit backdoor and the Kronos banking trojan. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":3224,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[1354,1355,1356,1102,28,1357,1358,1359,1360,562],"class_list":["post-3223","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-check-point","tag-code-analysis","tag-kill-switch","tag-kronos","tag-malware","tag-marcus-hutchins","tag-same-author","tag-similarities","tag-upas-kit","tag-wannacry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-15T19:26:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little\",\"datePublished\":\"2018-06-15T19:26:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/\"},\"wordCount\":996,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png\",\"keywords\":[\"Check Point\",\"code analysis\",\"kill switch\",\"Kronos\",\"Malware\",\"Marcus Hutchins\",\"same author\",\"similarities\",\"upas kit\",\"WannaCry\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/\",\"name\":\"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png\",\"datePublished\":\"2018-06-15T19:26:05+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png\",\"width\":680,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Check Point\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/check-point\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/","og_locale":"en_US","og_type":"article","og_title":"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-06-15T19:26:05+00:00","og_image":[{"width":680,"height":400,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little","datePublished":"2018-06-15T19:26:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/"},"wordCount":996,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png","keywords":["Check Point","code analysis","kill switch","Kronos","Malware","Marcus Hutchins","same author","similarities","upas kit","WannaCry"],"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/","url":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/","name":"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png","datePublished":"2018-06-15T19:26:05+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little.png","width":680,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/wannacry-kill-switch-hero-faces-new-charges-but-code-evals-say-little\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Check Point","item":"https:\/\/www.threatshub.org\/blog\/tag\/check-point\/"},{"@type":"ListItem","position":3,"name":"WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/3223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=3223"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/3223\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/3224"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=3223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=3223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=3223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}