Malware Immunization via Infection Markers by Lenny Zeltser

Lenny Zeltser just posted an interesting article about protecting production systems by implanting markers that malware misreads: either as a sign that it is running inside a malware analysis environment, or as a sign that the system is already infected, so that it skips infecting it again.

The article uses rapid_env, a tool written in C++ that creates registry entries, files and mutexes from a configuration file, meaning that your IOCs can be used to fake an infection (do remember to record that the system has been “immunized”, so you won’t go on a wild goose chase looking for infected machines when those same IOCs show up in a scan).
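To show what such a config-driven marker planter looks like, together with the “record that this host was immunized” step the post warns about, here is an added Python example. It is not rapid_env and not code from Zeltser’s article; the JSON config layout, the `immunize`/`explain_ioc_hit` functions and the marker names are all assumptions, and the names are constructed placeholders rather than real infection markers. File markers work on any platform; the mutex and registry markers use Windows APIs and are skipped elsewhere.

```python
"""Config-driven infection-marker "immunization" (added example, not rapid_env).

Assumptions (not from the original post):
- The marker list is a JSON document with optional "files", "mutexes" and
  "registry" arrays. All names below are constructed placeholders, not IOCs.
- An immunization record is written alongside the markers so that a later IOC
  sweep can tell a deliberately planted marker from a genuine infection.
"""
import json
import os
import platform
import socket
from datetime import datetime, timezone

ALLOWED_SECTIONS = {"files", "mutexes", "registry"}

# Constructed sample configuration; placeholder names, not real IOCs.
SAMPLE_CONFIG = json.dumps({
    "files": ["{root}/ProgramData/example_marker.dat"],
    "mutexes": ["Global\\ExampleFamilyMutex_PLACEHOLDER"],
    "registry": [{"key": "Software\\ExampleFamily_PLACEHOLDER",
                  "value": "Installed", "data": "1"}],
})


def parse_config(text):
    """Parse the marker list; reject unknown sections so a typo cannot silently plant nothing."""
    cfg = json.loads(text)
    unknown = set(cfg) - ALLOWED_SECTIONS
    if unknown:
        raise ValueError("unknown config sections: %s" % sorted(unknown))
    return {section: cfg.get(section, []) for section in ALLOWED_SECTIONS}


def plant_file_markers(templates, root):
    """Create empty marker files. A file that already exists is left alone and
    reported separately: it may be a genuine infection artifact, not our marker."""
    created, preexisting = [], []
    for template in templates:
        path = os.path.normpath(template.format(root=root))
        if os.path.exists(path):
            preexisting.append(path)
            continue
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        created.append(path)
    return created, preexisting


_mutex_handles = []  # a named mutex vanishes once its last handle closes, so keep ours open


def plant_mutexes(names):
    """Create named mutexes via CreateMutexW (Windows only; no-op elsewhere)."""
    if platform.system() != "Windows":
        return []
    import ctypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateMutexW.argtypes = [ctypes.c_void_p, ctypes.c_bool, ctypes.c_wchar_p]
    k32.CreateMutexW.restype = ctypes.c_void_p
    ERROR_ALREADY_EXISTS = 183  # the mutex was there before us: not ours, note it
    created = []
    for name in names:
        handle = k32.CreateMutexW(None, False, name)
        if handle and ctypes.get_last_error() != ERROR_ALREADY_EXISTS:
            _mutex_handles.append(handle)
            created.append(name)
    return created


def plant_registry_markers(entries):
    """Write string values under HKCU (Windows only; no-op elsewhere)."""
    if platform.system() != "Windows":
        return []
    import winreg
    created = []
    for entry in entries:
        with winreg.CreateKey(winreg.HKEY_CURRENT_USER, entry["key"]) as key:
            winreg.SetValueEx(key, entry["value"], 0, winreg.REG_SZ, entry["data"])
        created.append(entry["key"])
    return created


def build_record(created_files, created_mutexes, created_registry):
    """The "this host was immunized" note: what was planted, where and when."""
    return {
        "host": socket.gethostname(),
        "immunized_at": datetime.now(timezone.utc).isoformat(),
        "files": created_files,
        "mutexes": created_mutexes,
        "registry": created_registry,
    }


def explain_ioc_hit(record, marker):
    """Classify an IOC-scan hit against the record: planted by us, or unexplained."""
    planted = set(record["files"]) | set(record["mutexes"]) | set(record["registry"])
    return "immunization marker" if marker in planted else "unexplained, investigate"


def immunize(config_text, root, record_path):
    """Plant every marker in the config and write the immunization record."""
    cfg = parse_config(config_text)
    files, preexisting = plant_file_markers(cfg["files"], root)
    record = build_record(files, plant_mutexes(cfg["mutexes"]),
                          plant_registry_markers(cfg["registry"]))
    record["preexisting_files"] = preexisting  # check these before trusting "immunized"
    with open(record_path, "w") as fh:
        json.dump(record, fh, indent=2)
    return record


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()
    print(json.dumps(immunize(SAMPLE_CONFIG, root, os.path.join(root, "immunization.json")), indent=2))
```

The record is the important part for the wild-goose-chase problem: when a later IOC sweep flags one of these paths or names, `explain_ioc_hit` answers from the record whether the hit is a marker you planted or something that deserves a real look. Markers that already existed before immunization are kept out of the record for the same reason.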

Read the full article over at https://zeltser.com/malware-immunization-infection-markers/

Published 11 March 2015