Poster: OpenAPT–Open-Source Advanced Persistent Threat for Academic Research

Mordehai Guri, Tom Sela, Yuval Elovici

Modern advanced malware developers are always adapting new techniques in order to evade security systems. Typical Advanced Persistent Threat (APT) might utilize sophisticated stealth mechanisms, polymorphism engines, antiforensic capabilities, unique covert channels, and new infection vectors. Security companies such as AV vendors are constantly updated with the state-of-the art threats, which allows them to develop new defense mechanisms. However, academic security research suffers from the lack of access to the latest APTs information. Malware source-code, implementation details and even binaries are commonly not available publicly, preventing innovative research in the scientific community. In this paper we present the work-in-progress of OpenAPT, a community supported, open-source advanced malware development and documentation framework. Providing researchers code-samples and documentation of malware and set of APT mechanisms to compile and test against their new security mechanisms. The framework’s contents are all available under the GPL license, inviting the community to freely use and contribute to the collaborative knowledge.