US 12,483,570 B2
Malware traffic analyzer with direct malware detonation
Cirlig Constantin Gabriel, London (GB)
Assigned to HUMAN SECURITY, INC., New York, NY (US)
Filed by HUMAN SECURITY, INC., New York, NY (US)
Filed on Oct. 19, 2022, as Appl. No. 17/969,462.
Prior Publication US 2024/0137374 A1, Apr. 25, 2024
Prior Publication US 2024/0236123 A9, Jul. 11, 2024
Int. Cl. H04L 9/40 (2022.01); G06F 8/61 (2018.01)
CPC H04L 63/1425 (2013.01) [G06F 8/61 (2013.01)]
14 Claims
 
1. A method, comprising:
retrieving a data package from a source database;
invoking an auto tester to generate indicators of compromise corresponding to types of malicious behavior on the data package;
triggering the malicious behavior on a user equipment by installing, in response to the invocation, the data package on the user equipment;
implementing an emulation of at least one user event on the data package during the malicious behavior; and
extracting a uniform resource locator, a header, or a request body generated by the user equipment,
wherein the malicious behavior comprises at least one of
setting a clock of the auto tester for a future date;
rebooting the user equipment;
turning on or off a screen of the user equipment; or
activating an idle mode of the user equipment.