Implementation of an agent for operating-system monitoring using YARA rules and information drawn from the Malware Information Sharing Platform
The main purpose of this thesis is the development of an agent that connects to the online Malware Information Sharing Platform and Threat Sharing (MISP) in order to retrieve Indicators of Compromise (IoCs). Using these indicators, the agent performs a targeted search for malicious software that may be running on the operating system.
More specifically, in the MISP platform, malware analysts can both import and share the information they obtain from their analyses. The analysts who operate the platform can import indicators of compromise derived from an intrusion. Users, in turn, can connect to the platform to stay informed about new findings and to retrieve the indicators of compromise, so that they can feed them into the security systems they operate.
The application that was developed automates this process by retrieving two kinds of indicators of compromise: YARA rules and destination IP addresses. It checks the programs most recently executed on the operating system, inspects the processes running at that moment, and monitors the network connections the operating system is attempting to establish. When an indicator matches, the agent responds by deleting the file, terminating the process, or closing the connection.
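The following is an added illustration of the detection side of the workflow described above; it is not code from the thesis. It parses a MISP event export (the JSON shape returned by `/events/view/<id>.json`), keeps only the `ip-dst`, `ip-dst|port` and `yara` attributes that analysts have flagged with `to_ids`, matches the resulting address set against a connection table, and compiles the retrieved YARA rules with yara-python if that module is installed. The event and the connection table are constructed sample data (documentation addresses and a made-up rule); the `(pid, remote_address)` tuple layout mirrors what `psutil.net_connections()` yields, which a live agent would read instead. The response actions (killing a process, closing a socket, deleting a file) are deliberately left out of the example.

```python
import ipaddress
import json
from dataclasses import dataclass, field

try:
    import yara  # yara-python; optional so the IP checks still run without it
except ImportError:
    yara = None

# Constructed sample of a MISP event export. Addresses are RFC 5737
# documentation ranges and the rule is a toy marker, not real indicators.
SAMPLE_EVENT = json.dumps({
    "Event": {
        "id": "1",
        "info": "demo event",
        "Attribute": [
            {"type": "ip-dst", "value": "203.0.113.5", "to_ids": True},
            {"type": "ip-dst", "value": "198.51.100.7", "to_ids": False},
            {"type": "ip-dst|port", "value": "192.0.2.9|4444", "to_ids": True},
            {"type": "yara", "to_ids": True,
             "value": 'rule demo_marker { strings: $s = "MALWARE-DEMO" condition: $s }'},
            {"type": "domain", "value": "example.invalid", "to_ids": True},
        ],
    }
})


@dataclass
class IocSet:
    ip_dst: set = field(default_factory=set)
    yara_rules: list = field(default_factory=list)


def parse_misp_event(raw: str) -> IocSet:
    """Extract actionable (to_ids=True) ip-dst and yara attributes from a MISP event export."""
    iocs = IocSet()
    for attr in json.loads(raw)["Event"].get("Attribute", []):
        if not attr.get("to_ids"):
            continue  # analyst did not flag this attribute for detection use
        if attr["type"] == "ip-dst":
            iocs.ip_dst.add(str(ipaddress.ip_address(attr["value"])))
        elif attr["type"] == "ip-dst|port":
            ip, _port = attr["value"].split("|", 1)  # MISP joins composite values with '|'
            iocs.ip_dst.add(str(ipaddress.ip_address(ip)))
        elif attr["type"] == "yara":
            iocs.yara_rules.append(attr["value"])
        # other attribute types (domain, md5, ...) are outside the agent's scope here
    return iocs


# Constructed connection table: (pid, (remote_ip, remote_port) or None for
# sockets without a remote endpoint), the shape psutil.net_connections() yields.
SAMPLE_CONNECTIONS = [
    (1234, ("203.0.113.5", 443)),
    (1235, ("93.184.216.34", 80)),
    (1236, ("192.0.2.9", 4444)),
    (1237, None),
]


def flag_connections(connections, iocs: IocSet):
    """Return (pid, remote_ip) pairs whose destination is a to_ids ip-dst indicator."""
    hits = []
    for pid, raddr in connections:
        if raddr and raddr[0] in iocs.ip_dst:
            hits.append((pid, raddr[0]))
    return hits


def scan_bytes(data: bytes, iocs: IocSet):
    """Compile the MISP-supplied YARA rules and scan a buffer.

    Returns the sorted list of matching rule names, or None when yara-python
    is not installed or no YARA attributes were retrieved.
    """
    if yara is None or not iocs.yara_rules:
        return None
    rules = yara.compile(source="\n".join(iocs.yara_rules))
    return sorted(m.rule for m in rules.match(data=data))


if __name__ == "__main__":
    iocs = parse_misp_event(SAMPLE_EVENT)
    print("ip-dst indicators:", sorted(iocs.ip_dst))
    print("connections to indicators:", flag_connections(SAMPLE_CONNECTIONS, iocs))
    print("yara matches:", scan_bytes(b"header MALWARE-DEMO trailer", iocs))
```

Filtering on `to_ids` matters in practice: MISP events also carry contextual attributes (an analyst's note, an address seen only in a sandbox) that were never meant to drive automated blocking, and acting on them is how an agent of this kind starts terminating legitimate processes.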