
Run APTSimulator with different AV products installed

Open AndrewRathbun opened this issue 2 years ago • 2 comments

  • [x] Windows Defender - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/8d15f00de0445fba1ce71585c80b6f15e861e920
  • [ ] Symantec (need trial EXE)
  • [x] Sophos - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/4ff8da981897815e209446ae3465da4d1c0645ee
  • [x] TrendMicro - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/4ff8da981897815e209446ae3465da4d1c0645ee
  • [x] Kaspersky - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/4ff8da981897815e209446ae3465da4d1c0645ee
  • [x] BitDefender - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/64ef2d587f51764d1f48107800785492b5ea3a49
  • [x] AVG - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/64ef2d587f51764d1f48107800785492b5ea3a49
  • [x] Avast - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/64ef2d587f51764d1f48107800785492b5ea3a49
  • [x] Avira - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/64ef2d587f51764d1f48107800785492b5ea3a49
  • [x] Malwarebytes - https://github.com/AndrewRathbun/DFIRArtifactMuseum/commit/64ef2d587f51764d1f48107800785492b5ea3a49
  • [ ] Disabled AV
  • [ ] McAfee
  • [ ] TotalAV
  • [ ] ESET
  • [ ] Aura
  • [ ] Webroot
  • [ ] Intego
  • [ ] Norton - https://us.norton.com/downloads
  • [ ] INSERT AV HERE (taking requests)

Windows Defender and Symantec have dedicated parsers, so I want to be sure those are covered.

AndrewRathbun, Mar 13 '22 21:03

Also, provide E01s of each simulation. Hosted on MediaFire.

AndrewRathbun, Mar 13 '22 21:03

https://github.com/EricZimmerman/KapeFiles/tree/master/Targets/Antivirus

Use this as a guide for which AV products to generate datasets with.

AndrewRathbun, Apr 23 '22 11:04