
YakindanEgitim/malwarez


MalwareZ

MalwareZ is a project for visualizing malware activity on a world map. The current version is v0.2a.

Aim

The aim was to provide real time visualization of malware activities with historical data.

Here is a sample demo: http://malwarez.comu.edu.tr:8001

Current Status

At the demo site, v0.2a has two visualizations. One is the 2D map, which displays the number of malware hits detected per geographic location. The data is gathered from distributed honeypots using Hpfeeds. Clicking on a country switches to the 3D map, where the bar heights show the malware hits on a per-country basis.

The second visualization is the heatmap. It can be regenerated to show either malware diversity or malware counts.

Both the 2D map and the heatmap work in live mode: a yellow or green dot means that a new malware hit was detected at that point. Depending on the frequency of the hpfeeds channel used, more dots may appear.

Some statistics can also be obtained by clicking the arrow on the left side. The sliding panel displays the top ports and IP addresses.

How to install

  • Before installation, please make sure that your system has the necessary packages installed.

  • For Ubuntu, run the command below in a terminal window:

    $ sudo apt-get install build-essential python-dev libevent-dev libmysqlclient-dev python-virtualenv

  • Then you will need a virtual environment to install the required packages in a single directory (tested with virtualenv 1.9.1):

    $ virtualenv env-demo --no-site-packages
    $ cd env-demo
    $ source bin/activate

  • Clone the source code

    $ git clone https://github.com/YakindanEgitim/malwarez.git
    $ cd malwarez
    $ git checkout devel

  • Install Python dependencies

    $ pip install -r pip_requirements.txt

  • You need to create a database and a user for it. Open prepareDB.sh and set the root username (the password will be prompted for during execution); also set the variables used to create the new database and user: hostname, database, username and password.

    $ ./prepareDB.sh

  • Update settings.py with the information from prepareDB.sh

  • Let the Django DB API create the required tables by running the command below

    $ ./manage.py syncdb

  • Run the server and the feeder for live data. You need an Hpfriends user ident and key with a shared channel. Update ./scripts/hpfeeds/hpfeeds.json with your information before running the commands below.

    $ ./run.py &
    $ ./scripts/hpfeeds/feedReader.py &

How to run

By default the server runs on port 80. Just open localhost in your browser and that's it.

FAQ

How to change port number of server?

  • Two files must be changed, and both of the following variable values must be the same, otherwise new events do not show up.
  • run.py: change the value of PORT variable
  • scripts/hpfeeds/feedReader.py: change the value of socketIOPort

I added a script but can not find modules although they are installed in virtualenv.

  • Check the Python interpreter line. Do not use #!/usr/bin/python, which is the system's interpreter, not the virtualenv's. Use #!/usr/bin/env python instead.
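A preflight check for the two FAQ items above, added here as an example; it is not part of the MalwareZ repository. It assumes that PORT and socketIOPort are plain integer assignments at module level in run.py and scripts/hpfeeds/feedReader.py, and it runs against constructed file contents rather than a real checkout.

```python
# Preflight check for a MalwareZ checkout (added example, not project code).
# FAQ rule 1: PORT in run.py must equal socketIOPort in feedReader.py.
# FAQ rule 2: scripts must select the virtualenv interpreter via env.
import ast

ENV_SHEBANG = "#!/usr/bin/env python"
RUN_PY = "run.py"
FEEDER_PY = "scripts/hpfeeds/feedReader.py"


def find_int_assignment(source, name):
    """Return the int assigned to `name` at module level, or None if absent."""
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id == name:
                    value = node.value.value
                    return value if isinstance(value, int) else None
    return None


def check_shebang(source):
    """True if the first line selects the interpreter through env."""
    first = source.splitlines()[0] if source else ""
    return first.strip() == ENV_SHEBANG


def preflight(files):
    """files maps a repo path to its text; returns a list of problems found."""
    problems = []
    port = find_int_assignment(files.get(RUN_PY, ""), "PORT")
    sio_port = find_int_assignment(files.get(FEEDER_PY, ""), "socketIOPort")
    if port is None or sio_port is None:
        problems.append("PORT or socketIOPort not found")
    elif port != sio_port:
        problems.append("run.py PORT=%d != feedReader.py socketIOPort=%d" % (port, sio_port))
    for path, source in sorted(files.items()):
        if not check_shebang(source):
            problems.append("%s: use %s" % (path, ENV_SHEBANG))
    return problems


# Constructed sample files reproducing both FAQ mistakes (not real repo content).
SAMPLE = {
    RUN_PY: "#!/usr/bin/env python\nPORT = 8001\n",
    FEEDER_PY: "#!/usr/bin/python\nsocketIOPort = 80\n",
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print(problem)
```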

Tools

This project uses the following libraries/projects. Thanks for their great work...

Showing Fancy SVG maps

Realtime Data Support

For web front-end:

DB backend

Socket.io Django Integration

Restful API

Collecting hpfeeds data and sending realtime data to server over socket.io

Generating both 2D and 3D SVG maps

Geo-Location Services

General Purpose :)

Nice Layout :)