| CPC G06F 21/53 (2013.01) [G06F 21/566 (2013.01); H04L 63/1416 (2013.01); H04L 63/145 (2013.01)] | 18 Claims |
|
1. An apparatus comprising at least one hardware processor and a memory storing computer-readable instructions that, when executed by the at least one hardware processor, cause the apparatus to:
determine an environmental indicator used by a target filtering mechanism associated with a malware program to prevent execution in a sandbox environment, wherein the environmental indicator comprises an indication of a file system structure of the sandbox environment;
determine whether the environmental indicator is within a predetermined percentile of environmental indicators, in a malware database, arranged in a priority order from lowest priority to highest priority, wherein the priority order of the environmental indicators is based on respective quantities of malware programs using the environmental indicators; and
based on determining that the environmental indicator is within the predetermined percentile of the environmental indicators:
generate, based on the environmental indicator, an inoculation message for transmission to one or more computing devices in a computing network, wherein the inoculation message comprises the indication of the file system structure; and
send, to the one or more computing devices, the inoculation message, wherein the inoculation message causes the one or more computing devices to integrate the indication of the file system structure into corresponding computing environments of the one or more computing devices.
|