POSMalwareC2Tracker

Targets the following POS malware:

1. *POSCardStealer.O
2. *Dexter
3. *Alina
4. *POSmalware
5. *JackPos
6. *BlackPOS

Author: Vitali Kremez

Powered by SQLite, Python, JavaScript, HTML, GoogleMap API, IP-API JSON API

Creates a SQL table with over 100 known point-of-sale malware command-and-control servers and visualizes the database via GoogleMap API.

Usage:

(1) Run Loader.py to create monolithic "POSMalwareAdminTracker.sqlite" database with columns rdate, url, ip, rtype, rsource);

(2) Run IPConverter.py to convert hostnames to cities using http://ip-api.com JSON API and post data to "where.data";

(3) Run Geoload.py to parse "where.data", obtain lat/long values using Google MAP API, and store values in another database "geodata.sqlite";

(4) Run Geodump.py to map the data from "geodata.sqlite" to Javascript file "where.js";

(5) View the Google-mapped values in "where.html" that points to "where.js".