POC framework for classifying text files and detecting ransomware at runtime.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
Haven't tested this on another box yet, so YMMV.
sysmon
Python 3
spaCy
pandas
Python WMI - https://pypi.org/project/WMI
pywin32api - https://pypi.org/project/pypiwin32
Download all prerequisites, then install sysmon with the provided sysmon_config.xml:
sysmon.exe -i sysmon_config.xml
After that, you'll need to add the following registry key to enable querying the sysmon event log through WMI:
HKLM\SYSTEM\CurrentControlSet\services\eventlog\Microsoft-Windows-Sysmon/Operational
Proceed to install all other prerequisites, then you should be good to go.
At least this is pretty simple:
python.exe framework.py
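As an added example (not part of the project's own code): once the registry key above is in place, the Sysmon log can be read through the Python WMI package like this, and its events narrowed down to text-file creations for the classifier. It assumes the provided sysmon_config.xml logs Event ID 11 (FileCreate), that event messages come back as "Key: value" lines, and a made-up list of text extensions; the sample events are constructed, not real telemetry.

```python
import sys

SYSMON_LOG = "Microsoft-Windows-Sysmon/Operational"  # the log name registered in the registry key above
FILE_CREATE = 11                                      # Sysmon event ID for FileCreate (assumed to be enabled in the config)
TEXT_EXTENSIONS = (".txt", ".csv", ".md", ".log")     # assumption: extensions the classifier cares about

def parse_sysmon_message(message):
    """Turn a Sysmon event's Message text ("Key: value" lines) into a dict."""
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.partition(": ")   # values may contain ':' (timestamps), so split on ': '
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def text_file_creates(events):
    """Return (image, target) for FileCreate events whose target looks like a text file.
    `events` is an iterable of (event_code, message) pairs as read from Win32_NTLogEvent."""
    hits = []
    for code, message in events:
        if int(code) != FILE_CREATE or not message:
            continue
        f = parse_sysmon_message(message)
        target = f.get("TargetFilename", "")
        if target.lower().endswith(TEXT_EXTENSIONS):
            hits.append((f.get("Image", "?"), target))
    return hits

def query_sysmon_log():
    """Pull FileCreate events over WMI; only works on the Windows box set up above."""
    import wmi  # the Python WMI package from the prerequisites
    c = wmi.WMI()
    wql = ("SELECT EventCode, Message FROM Win32_NTLogEvent "
           f"WHERE Logfile='{SYSMON_LOG}' AND EventCode={FILE_CREATE}")
    return [(e.EventCode, e.Message) for e in c.query(wql)]

# Constructed sample events (not real telemetry) so the filter can be exercised offline.
SAMPLE_EVENTS = [
    (11, "File created:\r\nRuleName: -\r\nUtcTime: 2020-01-01 00:00:00.000\r\n"
         "ProcessGuid: {00000000-0000-0000-0000-000000000000}\r\nProcessId: 4242\r\n"
         "Image: C:\\Users\\demo\\suspicious.exe\r\nTargetFilename: C:\\Users\\demo\\notes.txt\r\n"
         "CreationUtcTime: 2020-01-01 00:00:00.000"),
    (1, "Process Create:\r\nImage: C:\\Windows\\System32\\notepad.exe"),
    (11, "File created:\r\nImage: C:\\Windows\\explorer.exe\r\nTargetFilename: C:\\Users\\demo\\photo.png"),
]

if __name__ == "__main__":
    events = query_sysmon_log() if sys.platform == "win32" else SAMPLE_EVENTS
    for image, target in text_file_creates(events):
        print(f"{image} created {target}")
```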
- Mark Mager - Initial work - magerbomb
This project is licensed under the AGPLv3 License - see the LICENSE-AGPLv3.txt file for details