摘要 |
Systems and methods for tracking malware operator behavior patterns in a network environment simulated for an extended period of time include a processor that causes the system to receive organizational data that describes a virtual organization, obtain additional data related to the organizational data, and provide a simulated computer network of the virtual organization based on the organizational data. The process can further cause the system to install at least one malware on the simulated computer network, monitor one or more interactions between the simulated computer network and an operator of the malware, and build a malware operator profile that characterizes the operator of the malware based on the one or more interactions, with which the operator of the malware can be identified in subsequent interactions. |