Master

.gitignore

@@ -0,0 +1,5 @@
+build/*
+dist/*
+*.spec
+__pycache__/*
+.idea/*

README.md

@@ -0,0 +1,9 @@
+Ransomware Detection - academic project under Microsoft supervision.
+
+Click the following link to read the presentation poster(English):
+
+https://1drv.ms/b/s!AsE6M50PUjDOab7ZXizffp3OF1o
+
+And more thorough explanation from here(Hebrew):
+
+https://1drv.ms/b/s!AsE6M50PUjDObI8gcj_WoGWmBOk

auditor.py

@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""
+Created on Tue Dec 26 15:09:10 2017
+
+@authors Rafael,Dmitriy
+Ransomware Detection Project
+Technion, Haifa, Israel
+
+Auxiliary script for monitoring the honeypot files.
+Ransomware Attack will be detected if at least one of these files is modified.
+"""
+
+import os
+import re
+import sys
+
+
+def panic():
+    """
+            Ransomware was detected --> send HTTP POST to C&C + kill VM instance
+    """
+    if os.path.exists("communicate.txt"):
+        return
+    else:
+        file = open("communicate.txt", "w")
+        file.write("0")
+        file.close()
+    file = open("data.txt", "r")
+    temp = file.read()
+    file.close()
+    names = temp.split(",")
+    print("the %s is infected by %s "%(names[0],names[1]))
+
+
+def main():
+    flag = 0
+    filename = os.path.basename(sys.argv[1])
+
+    try:
+        file = open("names.txt", "r")
+        text = file.read()
+        file.close()
+        result = re.findall("\\b" + filename + "\\b", text)
+
+        if result.__len__() != 0:
+            flag = 1
+
+    except IOError:
+        pass
+
+    if flag == 1:
+        print("Detected honeypot modification : {0} ".format(sys.argv[1]))
+        panic()
+
+
+if __name__ == '__main__':
+    main()

cleaner.py

@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""
+Created on Thu Jan 04 18:52:16 2017
+
+@authors Rafael,Dmitriy
+Ransomware Detection Project
+Technion, Haifa, Israel
+
+Script for cleaning the paths from honeypot files
+"""
+
+import os
+
+
+def clean_dir(directory, names):
+    """
+        Remove honeypot files from given directory
+    """
+
+    for dirName, dirlist, fileList in os.walk(directory):
+        for fname in fileList:
+            if fname in names:
+                os.remove(directory + fname)
+
+
+def main():
+    """
+            Collecting the paths and sending them for "clean-up"
+    """
+    paths = [os.environ['USERPROFILE'] + "\\Documents\\",
+             os.environ['USERPROFILE'] + "\\Desktop\\"]
+
+    f = open('names.txt', 'r')
+    names = f.read().splitlines()
+    f.close()
+
+    for path in paths:
+        clean_dir(path, names)
+
+    os.remove(os.getcwd() + "\\names.txt")
+
+    try:
+        os.remove(os.getcwd() + "\\communicate.txt")
+        os.remove(os.getcwd() + "\\data.txt")
+    except FileNotFoundError:
+        pass
+
+
+if __name__ == '__main__':
+    main()

client.py

@@ -0,0 +1,16 @@
+import json
+import socket
+
+HOST = 'localhost'
+PORT = 8080
+links = ['https://download.sysinternals.com/files/ClockRes.zip', " ",
+         'https://download.sysinternals.com/files/AutoLogon.zip']
+
+out = json.dumps(links)
+sent = out.encode('ASCII')
+
+with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+    s.connect((HOST, PORT))
+    s.sendall(sent)
+    data = s.recv(1024)
+print('Received', repr(data))

crawler.py

@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""
+Created on Tue Jan 2 12:13:16 2018
+
+@authors Rafael,Dmitriy
+Ransomware Detection Project
+Technion, Haifa, Israel
+
+Auxiliary script for crawling through honeypot files and
+saving their names.
+"""
+
+import os
+
+
+def crawl(directory):
+    """
+     Record the names of files that exist in current dir
+    """
+    names = []
+    extensions = [".jpg", ".mp3", ".txt", ".xlsx", ".mp4"]
+
+    for dirName, dirlist, fileList in os.walk(directory):
+        for fname in fileList:
+            filename, file_extension = os.path.splitext(fname)
+            if file_extension in extensions:
+                names.append(filename + file_extension)
+
+    file = open("names.txt", "a+")
+    for name in names:
+        file.write(name + "\n")
+    file.close()
+
+
+def main():
+    crawl(os.environ['USERPROFILE'] + "\\Desktop\\honey\\")
+    crawl(os.environ['USERPROFILE'] + "\\Pictures\\")
+    crawl(os.environ['USERPROFILE'] + "\\Music\\")
+    crawl(os.environ['USERPROFILE'] + "\\Videos\\")
+
+
+if __name__ == '__main__':
+    main()

dictionary.txt

@@ -0,0 +1,84 @@
+I wish I found some better sounds no ones ever heard,
+I wish I had a better voice that sang some better words,
+I wish I found some chords in an order that is new,
+I wish I didn't have to rhyme every time I sang,
+
+I was told when I get older all my fears would shrink,
+But now Im insecure and I care what people think.
+My names Blurryface and I care what you think
+
+Wish we could turn back time, to the good ol days,
+When our momma sang us to sleep but now were stressed out.
+
+Sometimes a certain smell will take me back to when I was young,
+How come Im never able to identify where its coming from,
+Id make a candle out of it if I ever found it,
+Try to sell it, never sell out of it, Id probably only sell one,
+
+Itd be to my brother, cause we have the same nose,
+Same clothes homegrown a stones throw from a creek we used to roam,
+But it would remind us of when nothing really mattered,
+Out of student loans and treehouse homes we all would take the latter.
+
+My names Blurryface and I care what you think
+
+Wish we could turn back time, to the good old days,
+When our momma sang us to sleep but now were stressed out.
+
+We used to play pretend, give each other different names,
+We would build a rocket ship and then wed fly it far away,
+Used to dream of outer space but now they are laughing at our face,
+Saying, wake up, you need to make money."
+
+Wish we could turn back time, to the good ol days,
+When our momma sang us to sleep but now were stressed out.
+
+So close no matter how far
+Couldn't be much more from the heart
+Forever trusting who we are
+And nothing else matters
+
+Never opened myself this way
+Life is ours, we live it our way
+All these words I don't just say
+And nothing else matters
+
+Trust I seek and I find in you
+Every day for us something new
+Open mind for a different view
+And nothing else matters
+
+Never cared for what they do
+Never cared for what they know
+But I know
+
+So close no matter how far
+Couldn't be much more from the heart
+Forever trusting who we are
+And nothing else matters
+
+Never cared for what they do
+Never cared for what they know
+But I know
+
+I never opened myself this way
+Life is ours, we live it our way
+All these words I don't just say
+And nothing else matters
+
+Trust I seek and I find in you
+Every day for us something new
+Open mind for a different view
+And nothing else matters
+
+Never cared for what they say
+Never cared for games they play
+Never cared for what they do
+Never cared for what they know
+And I know
+
+So close no matter how far
+Couldn't be much more from the heart
+Forever trusting who we are
+No nothing else matters
+