Пример #1
0
        //Event handler if an object is changed
        private static void OnChanged(object source, FileSystemEventArgs e)
        {
            Console.WriteLine("File: " + e.FullPath + " has been " + e.ChangeType);
            threshold.Add(DateTime.Now);
            List <DateTime> temp = new List <DateTime>();
            DateTime        now  = DateTime.Now;

            foreach (DateTime t in threshold)
            {
                if (60 < (now.Subtract(t).Seconds))
                {
                    temp.Add(t);
                }
            }

            foreach (DateTime t in temp)
            {
                threshold.Remove(t);
            }

            //If threshold is reached, it makes a reaction
            if (threshold.Count > thresholdNum)
            {
                Console.WriteLine("Threshold reached. It's killing time");

                if (!hasMadeFirstDetection)
                {
                    firstDetectionTime    = DateTime.Now;
                    hasMadeFirstDetection = true;
                }
                if (eventNameAndTime.ContainsKey(e.FullPath))
                {
                    //Report it has been changed
                    Console.WriteLine("File: " + e.FullPath + " has been " + e.ChangeType);
                    if (MONITORTIMEOUT < (DateTime.Now.Subtract((DateTime)eventNameAndTime[e.FullPath])).TotalSeconds)
                    {
                        Console.WriteLine("Stopping the process");
                        eventNameAndTime[e.FullPath] = DateTime.Now;
                        ActionTaker.honeypotChange(e.FullPath);
                    }
                }
                else
                {
                    //Report it has been changed
                    Console.WriteLine("File: " + e.FullPath + " has been " + e.ChangeType);
                    eventNameAndTime.Add(e.FullPath, DateTime.Now);
                    ActionTaker.honeypotChange(e.FullPath);
                }
            }
        }
Пример #2
0
        public static void honeyPotFileMonDetection()
        {
            //Fetch the ransomwarename
            Logger.getPoCRansomware();

            Thread.Sleep(1000);
            //Inform the server that the ransomware has been fetched
            Logger.postPoCFetched();

            //Wait for response from the server
            while (!Logger.getHasFetched())
            {
                Thread.Sleep(500);
            }

            //Sets the correct values in different classes
            Logger.setRansomwareDownloaderPath(RANSOMWAREDOWNLOADERPATH);

            ActionTaker.setBackingName(BACKINGNAME);
            ActionTaker.setPathToBackingFile(pathToBackingFile);

            ProcMon.setPathToProcMon(ProcMonPath);
            BACKINGNAME = BACKINGNAME + 0;

            //Start the procmon
            var t = new Thread(() => ProcMon.createProcmonBackingFile(pathToBackingFile, BACKINGNAME));

            t.Start();

            Console.WriteLine(Logger.getNAMEONTEST());
            //Start the logger
            Logger.LogWriter(PATH);

            //Post that the ransomware succesfully has been tested
            Logger.postPoCTested();

            //Post the tested results
            Logger.postPoCPosted();


            Thread.Sleep(30000);
        }