Malware visualization on earth map
malwarez
scripts
templates
web
.gitignore
AUTHORS
CHANGELOG
LICENSE
README.md
TODO
bootstrap.min.js.LICENSE
chroma.js.LICENSE
manage.py
pip_requirements.txt
prepareDB.sh
run.py

MalwareZ

MalwareZ is a project for visualizing malware activity on an earth map. The current version is v0.2a.

Aim

The aim is to provide real-time visualization of malware activity together with historical data.

Here is a sample demo: http://malwarez.comu.edu.tr:8001

Current Status

At the demo site v0.2a offers two visualizations. The first is a 2D map that displays the number of malware hits per geographic location. The data is gathered from distributed honeypots over hpfeeds. Clicking on a country switches to a 3D map, where the bar heights show the malware hits for that country.

The second visualization is the heatmap. It can be regenerated for either malware diversity or malware counts.

Both the 2D map and the heatmap work in live mode: a yellow or green dot means a new malware hit was detected at that point. The more frequently the hpfeeds channel publishes, the more dots you will see.

Some statistics can also be viewed by clicking the arrow on the left side. The sliding panel displays the top ports and IP addresses.

How to install

  • Before installation, make sure that your system has the necessary packages installed.
  • On Ubuntu, run the following command in a terminal:

    $ sudo apt-get install build-essential python-dev libevent-dev libmysqlclient-dev python-virtualenv

  • Then create a virtual environment so that the required packages are installed in a single directory (tested with virtualenv 1.9.1):

    $ virtualenv env-demo --no-site-packages
    $ cd env-demo
    $ source bin/activate

  • Clone the source code

    $ git clone https://github.com/YakindanEgitim/malwarez.git
    $ cd malwarez
    $ git checkout devel

  • Install Python dependencies

    $ pip install -r pip_requirements.txt

  • You need to create a database and a database user for it. Open prepareDB.sh and set the MySQL root username (the root password is prompted during execution), then set the variables for the new database and user: hostname, database name, username and password. Note that these credentials end up in clear text in prepareDB.sh and settings.py, so use a dedicated low-privilege database user and keep both files out of version control.

    $ ./prepareDB.sh

  • Update settings.py with the database information you entered in prepareDB.sh.

  • Let the Django DB API create the required tables by running:

    $ ./manage.py syncdb

  • Run the server and the feeder for live data. You need an hpfriends ident and key for a shared channel. Update scripts/hpfeeds/hpfeeds.json with your credentials before running the commands below.

    $ ./run.py &
    $ ./scripts/hpfeeds/feedReader.py &
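The feeder receives honeypot events from an untrusted network channel and the web front-end renders whatever gets stored, so feed payloads deserve validation before they are counted. The following is an added example (not code from the MalwareZ project) of parsing and summarizing such events into the "top ports / top IP addresses" statistics the side panel shows. The payload layout (saddr, sport, daddr, dport, url, md5) is assumed to follow the dionaea.capture hpfeeds channel format, and all sample events are constructed.

```python
import ipaddress
import json
import re
from collections import Counter

# Constructed sample payloads in the shape of the dionaea.capture hpfeeds
# channel. This layout is an assumption for the example, not data taken
# from the MalwareZ project or its demo feed.
SAMPLE_EVENTS = [
    b'{"saddr": "203.0.113.10", "sport": 51234, "daddr": "198.51.100.5", "dport": 445,'
    b' "url": "smb://203.0.113.10/x.exe", "md5": "d41d8cd98f00b204e9800998ecf8427e", "sha512": ""}',
    b'{"saddr": "203.0.113.10", "sport": 51240, "daddr": "198.51.100.5", "dport": 445,'
    b' "url": "smb://203.0.113.10/y.exe", "md5": "d41d8cd98f00b204e9800998ecf8427e", "sha512": ""}',
    b'{"saddr": "203.0.113.20", "sport": 40001, "daddr": "198.51.100.5", "dport": 445,'
    b' "url": "", "md5": "", "sha512": ""}',
    b'{"saddr": "198.51.100.77", "sport": 2222, "daddr": "198.51.100.5", "dport": 22,'
    b' "url": "", "md5": "not-a-hash", "sha512": ""}',
    b'{"saddr": "2001:db8::1", "sport": 3333, "daddr": "2001:db8::5", "dport": 23}',
    b'not json at all',                                                        # garbage
    b'{"saddr": "999.1.1.1", "sport": 1, "daddr": "198.51.100.5", "dport": 445}',  # bad IP
    b'{"saddr": "203.0.113.10", "sport": 1, "daddr": "198.51.100.5", "dport": 70000}',  # bad port
]

MD5_RE = re.compile(r"[0-9a-f]{32}")


def parse_event(raw):
    """Decode one raw hpfeeds payload and return a validated dict, or None.

    Rejects non-JSON, non-object, unparsable IPs, out-of-range ports and
    malformed hashes instead of passing them on to the database and UI.
    """
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(data, dict):
        return None
    try:
        saddr = str(ipaddress.ip_address(data["saddr"]))  # normalizes v4/v6
        sport = int(data["sport"])
        dport = int(data["dport"])
    except (KeyError, TypeError, ValueError):
        return None
    if not (0 < sport <= 65535 and 0 < dport <= 65535):
        return None
    md5 = data.get("md5")
    if not (isinstance(md5, str) and MD5_RE.fullmatch(md5)):
        md5 = None  # keep the hit, drop the unusable hash
    return {"saddr": saddr, "sport": sport, "dport": dport, "md5": md5}


def summarize(raw_events, top=3):
    """Count valid events by destination port and source IP.

    Returns the top-N lists as the side panel would show them, plus the
    number of payloads that failed validation.
    """
    ports, sources, rejected = Counter(), Counter(), 0
    for raw in raw_events:
        event = parse_event(raw)
        if event is None:
            rejected += 1
            continue
        ports[event["dport"]] += 1
        sources[event["saddr"]] += 1
    return {
        "top_ports": ports.most_common(top),
        "top_sources": sources.most_common(top),
        "rejected": rejected,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

The rejected count is worth logging in a real feeder: a sudden jump usually means either a misbehaving honeypot or someone publishing junk into the shared channel.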

How to run

By default the server listens on port 80; just open http://localhost in your browser. Binding port 80 requires root privileges on most systems, so prefer changing the port (see the FAQ) over running the server as root.

FAQ

How to change port number of server?

  • Two files must be changed, and both values must be the same; otherwise new events will not show up.
  • run.py: change the value of the PORT variable
  • scripts/hpfeeds/feedReader.py: change the value of socketIOPort
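Because the two settings live in separate files and drift silently, a small consistency check before starting the services saves debugging time. The following is an added example (not part of the MalwareZ project) that reads the two assignments with Python's ast module and also flags a privileged port. The variable names PORT and socketIOPort come from the FAQ above; the file contents used here are constructed stand-ins.

```python
import ast

# Constructed stand-ins for run.py and scripts/hpfeeds/feedReader.py.
# Only the variable names are taken from the README; the rest is assumed.
RUN_PY = "HOST = '0.0.0.0'\nPORT = 8001\n"
FEED_READER_PY = "socketIOHost = 'localhost'\nsocketIOPort = 8001\n"
FEED_READER_PY_STALE = "socketIOHost = 'localhost'\nsocketIOPort = 80\n"


def find_int_assignment(source, name):
    """Return the int bound to a top-level `name = <int literal>`, else None.

    Parsing instead of grepping avoids matching comments or strings and
    never executes the file being inspected.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return None
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id == name:
                value = node.value
                if isinstance(value, ast.Constant) and type(value.value) is int:
                    return value.value
    return None


def check_ports(run_py_source, feed_reader_source):
    """Compare PORT (run.py) with socketIOPort (feedReader.py).

    Returns both values, whether they agree, and whether the server port
    is in the privileged range (< 1024), which would force a root start.
    """
    server_port = find_int_assignment(run_py_source, "PORT")
    feeder_port = find_int_assignment(feed_reader_source, "socketIOPort")
    return {
        "run_py": server_port,
        "feed_reader": feeder_port,
        "consistent": server_port is not None and server_port == feeder_port,
        "privileged": server_port is not None and server_port < 1024,
    }


if __name__ == "__main__":
    # In a real checkout you would read the two files from disk instead.
    print(check_ports(RUN_PY, FEED_READER_PY))
    print(check_ports(RUN_PY, FEED_READER_PY_STALE))
```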

I added a script but cannot find modules, although they are installed in the virtualenv.

  • Check the interpreter line at the top of the script. Do not use #!/usr/bin/python, which is the system interpreter and not the virtualenv's; use #!/usr/bin/env python so that the interpreter is taken from the activated virtualenv's PATH.

Tools

This project uses the following libraries/projects. Thanks for their great work...

Showing Fancy SVG maps

Realtime Data Support

For web front-end:

DB backend

Socket.io Django Integration

Restful API

Collecting hpfeeds data and sending realtime data to server over socket.io

Generating both 2D and 3D SVG maps

Geo-Location Services

General Purpose :)

Nice Layout :)
