Memory snapshot dataset of a compromised host with malware using obfuscation evasion techniques

This article presents a dataset for studying the detection of obfuscated malware in volatile computer memory. Several obfuscated reverse remote shells were generated using Metasploit-Framework, Hyperion, and PEScrambler tools. After compromising the host, Memory snapshots of a Windows 10 virtual mac...

Descripción completa

Detalles Bibliográficos
Autores principales: Sadek, Ibrahim, Chong, Penny, Rehman, Shafiq Ul, Elovici, Yuval, Binder, Alexander
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Elsevier 2019
Materias:
Computer Science
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6743008/
https://www.ncbi.nlm.nih.gov/pubmed/31528674
http://dx.doi.org/10.1016/j.dib.2019.104437
Descripción
Sumario:This article presents a dataset for studying the detection of obfuscated malware in volatile computer memory. Several obfuscated reverse remote shells were generated using Metasploit-Framework, Hyperion, and PEScrambler tools. After compromising the host, Memory snapshots of a Windows 10 virtual machine were acquired using the open-source Rekall's WinPmem acquisition tool. The dataset is complemented by memory snapshots of uncompromised virtual machines. The data includes a reference for all running processes as well as a mapping for the designated malware running inside the memory. The datasets are available in the article, for advancing research towards the detection of obfuscated malware from volatile computer memory during a forensic analysis.

Ejemplares similares