Ransomware Tracker (RT) is a great resource for following current ransomware campaigns. This repository includes some scripts to assist in visualising the data from RT using mal4s.
- rt-processing.awk: an AWK script that takes the current RT feed and generates a well-formatted mal4s file
- rt-latest.conf: a sample configuration file for mal4s
- rt-latest.mal4s: sample RT data in mal4s format
- A data directory containing some icons
To generate the mal4s-formatted data file (rt-latest.mal4s), execute the following:

```
# Run from the repository directory; rt-processing.awk must be executable.
curl -s http://ransomwaretracker.abuse.ch/feeds/csv/ |\
grep -v '^#' |\
sed 's/"//g' |\
./rt-processing.awk | sort -n >\
rt-latest.mal4s
```
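
The one-liner above truncates rt-latest.mal4s before curl runs, so a failed download or a response containing only comment lines leaves an empty data file. The following is an added example, not part of this repository, that builds the file in a temporary directory and replaces the previous copy only when every stage succeeds; the function names and the optional processor argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): safer refresh of rt-latest.mal4s.
# fetch_feed, refresh_mal4s and the PROCESSOR argument are illustrative names.

FEED_URL='http://ransomwaretracker.abuse.ch/feeds/csv/'   # URL from the README

# fetch_feed DEST: download the CSV feed, failing on HTTP errors and timeouts
# instead of silently writing an error page or nothing (-f, --max-time).
fetch_feed() {
    curl -fsS --max-time 60 -o "$1" "$FEED_URL"
}

# refresh_mal4s CSV OUT [PROCESSOR]
# Runs the README's filter steps on CSV and replaces OUT only if every stage
# succeeded and produced data. PROCESSOR defaults to ./rt-processing.awk.
refresh_mal4s() (
    csv=$1; out=$2; proc=${3:-./rt-processing.awk}
    # Work next to OUT so the final mv is a rename on the same filesystem.
    work=$(mktemp -d "$out.tmp.XXXXXX") || return 1
    if grep -v '^#' "$csv" | sed 's/"//g' > "$work/rows" &&
       [ -s "$work/rows" ] &&                  # at least one data row left
       "$proc" < "$work/rows" > "$work/raw" && # processor exited 0
       sort -n "$work/raw" > "$work/sorted" &&
       [ -s "$work/sorted" ]; then
        mv "$work/sorted" "$out"; rc=0
    else
        echo "refresh failed; keeping previous $out" >&2; rc=1
    fi
    rm -rf "$work"
    return $rc
)

# Usage (needs network access):
#   fetch_feed rt-feed.csv && refresh_mal4s rt-feed.csv rt-latest.mal4s
```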
Running the mal4s visualisation:
After adding the contents of the data directory to mal4s (c:\mal4s on Windows), execute the following:

```
mal4s.exe -C rt-latest.conf -c 4 -f rt-latest.mal4s
```

This will produce an animation of ransomware infrastructure over time.
- Tested on Linux. Mal4s output can be used on Windows and Mac OS X systems, but the generation scripts cannot.