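/// <summary>
/// Takes the entropy of every file under each of the four monitored directories
/// (<c>path1</c>..<c>path4</c>) and collects the results into <c>entropiesOfFiles</c>.
/// The four directories are scanned identically, so they are iterated instead of
/// repeating the scan block four times.
/// </summary>
/// <remarks>
/// Entries are added with <c>Add</c>, as in the original; if <c>entropiesOfFiles</c>
/// is a dictionary, a file key that appears under two monitored paths therefore
/// raises <see cref="ArgumentException"/> rather than being silently overwritten.
/// </remarks>
public static void entropyCollector()
{
    string[] monitoredPaths = { path1, path2, path3, path4 };
    foreach (string monitoredPath in monitoredPaths)
    {
        // One calculator per directory, mirroring the original per-path instances.
        ShannonEntropy entropyCalculator = new ShannonEntropy();

        // ToList() snapshots the calculator's result before copying, as the original did.
        foreach (var entry in entropyCalculator.getEntropyOfAllFilesInPath(monitoredPath).ToList())
        {
            entropiesOfFiles.Add(entry.Key, entry.Value);
        }
    }

    // TODO: download the PoC sample if the logger is ready as well.
}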
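/// <summary>
/// Runs the Shannon-entropy / file-monitor detection PoC end to end: waits for the logger
/// to report the PoC sample as fetched, pushes the static configuration into each component,
/// computes the entropy of every file under the four monitored paths, starts the procmon
/// backing-file writer on a background thread, then starts the logger and reports the PoC
/// as tested and posted. Blocks the calling thread for the whole run, including a final
/// 30 s settle period.
/// </summary>
/// <exception cref="TimeoutException">
/// The logger did not report the PoC as fetched within <see cref="PoCFetchTimeout"/>.
/// </exception>
public static void shannonEntropyFileMonDetection()
{
    waitForPoCFetched();
    configureDetectionComponents();
    snapshotMonitoredPathEntropies();

    // Start procmon.
    // NOTE(review): BACKINGNAME is changed here (appending "0" if it is a string) only after
    // ActionTaker.setBackingName already received the unmodified value, and it is changed on
    // every call -- confirm both are intended.
    BACKINGNAME = BACKINGNAME + 0;
    var backingFileThread = new Thread(() => ProcMon.createProcmonBackingFile(pathToBackingFile, BACKINGNAME));
    backingFileThread.Start();

    // Start filemon.
    // When filemon sees a reaction it posts to FilemonEventHandler, which then decides
    // whether it is necessary to take action via ActionTaker.
    Console.WriteLine(Logger.getNAMEONTEST());

    // Start logger.
    // TODO fix call to server such that it is not honeypotpoc that is called
    Logger.LogWriter(PATH);
    Logger.postPoCTested();
    Logger.postPoCPosted();

    // Let the background work run before returning; the backing-file thread is never joined.
    Thread.Sleep(30000);
}

/// <summary>
/// Upper bound on how long to poll the logger for the PoC fetch before giving up.
/// Constructed value -- tune for the test server's fetch time.
/// </summary>
private static readonly TimeSpan PoCFetchTimeout = TimeSpan.FromMinutes(5);

// Triggers the PoC sample fetch through the logger and blocks until the logger reports it as fetched.
private static void waitForPoCFetched()
{
    Logger.getPoCRansomware();
    Thread.Sleep(1000);
    Logger.postPoCFetched();

    // The original polled forever; bound the wait so a fetch that never completes fails loudly
    // instead of hanging the harness.
    var elapsed = System.Diagnostics.Stopwatch.StartNew();
    while (!Logger.getHasFetched())
    {
        if (elapsed.Elapsed >= PoCFetchTimeout)
        {
            throw new TimeoutException($"Logger did not report the PoC as fetched within {PoCFetchTimeout}.");
        }
        Thread.Sleep(500);
    }
}

// Pushes the static configuration (paths, procmon location, entropy thresholds) into each component.
private static void configureDetectionComponents()
{
    Logger.setRansomwareDownloaderPath(RANSOMWAREDOWNLOADERPATH);
    ActionTaker.setBackingName(BACKINGNAME);
    ActionTaker.setPathToBackingFile(pathToBackingFile);
    ProcMon.setPathToProcMon(ProcMonPath);
    FilemonEventHandler.setEntropyThreshold(entropyThreshold);
    FilemonEventHandler.setThresholdToReaction(thresholdToReaction);
    FilemonEventHandler.setSecondsInThreshold(secondsInThreshold);
    Logger.setPath1(path1);
    Logger.setPath2(path2);
    Logger.setPath3(path3);
    Logger.setPath4(path4);
    Logger.setPathFileWatch(PATH);
}

// Computes the entropy of every file under the four monitored paths and prints the saved results.
private static void snapshotMonitoredPathEntropies()
{
    // Return values are discarded, as in the original: the results are read back through
    // ShannonEntropy.getSavedEntropies(), which presumably accumulates across calculators --
    // confirm in ShannonEntropy.
    foreach (string monitoredPath in new[] { path1, path2, path3, path4 })
    {
        new ShannonEntropy().getEntropyOfAllFilesInPath(monitoredPath);
    }

    Dictionary<string, double> savedEntropies = ShannonEntropy.getSavedEntropies();
    foreach (var item in savedEntropies)
    {
        Console.WriteLine(item.Key + " - " + item.Value);
    }
}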