Malwarez v0.1.a Code Name:Ben
We are pleased to announce the alpha release of version 0.1 of Malwarez project.
You can find the demo here.
The aim was to provide real time visualization of malware activities with historical data. In our development plan there are 3 main features we are planning to implement.
1) Activity map
3) Attack Relation Map
Currently we implemented activity map feature. Other 2 features are currently work in progress. We hope soon to announce them too.
In activity map we visualize the malware activities based on geo locations. As zooming capability 2 levels of maps exists with names of world and country levels.
In world level you would notice 2 kind of symbols. First one is red bubbles, which represents the malware activity frequencies. For performance reason overlapped symbols are drawn as one larger bubble. The other one is yellow dots, which represent live data. Each yellow dot shows a new event fetched from hpfriends project and disappears after 3 seconds and update the red bubbles. Both countries and Symbols have tooltips to show the frequencies. Country tooltips shows the total number of activities caused by that country. Symbol tooltips shows the total number of activities caused by host located at that geo location.
On the left side of the screen you will see some statistics about the collected hpfeeds data. Each statistics is in form of “<value>(<number of records>)”. Here is a screen shot:
Here is the meanings of labels:
– Attacker Country: most seen malware activity in countries.
– Attacker Port: most seen Source port for attacks.
– Attacker IP: most seen Source IP in collected hpfeeds data
– Target Port: most seen Destination Port in collected hpfeeds data(Currently we collect data only from dionaea.capture channel. So that there is only one value. We will add more channels soon.)
Clicking on statistics (currently it is available for attacker IP only) will show a small modal and gives additional information collected from hpfeeds. We plan to add additional data sources soon such as Mnemosyne.
Clicking on countries or red bubbles will open a new modal screen to show country specific malware activities. In that map, bar graphs represents the malware activity frequencies. Bars are updated upon new event data. In this map there is no indicator for new events like yellow dots in world map but we will add such feature soon. Bar symbols have tooltips which shows the name of the city and the number of events recorded. Clicking on bars will open new statistics modal in the next release.
On the left side of the screen again you will find some statistics. This time they are country specific. Same labels are used as in world map.
– Poor performance on firefox. (Works best with chromium)
– Poor browser compatibility tests
– Static tooltip content on world map
– No i18n
– new added symbols does not have tooltips on worldmap
In short, next minor release will contain following new features and improvements:
– dynamic tooltip content on world map
– clicking on bars will open a statistics modal about the selected city
– more hpfeeds channels
– new event indicator for country maps
– Heat map feature (optional may be delayed to major release)
– code improvements
Next major release will contain:
– Attack Relation Map Feature
– Performance improvements
— Currently upon new event all symbols are updated which is unnecessary. We should update only necessary symbols.
– Code Refactoring
– Pan and Zoom feature on both levels
It is an alpha release with limitations and bugs. Feel free to report any issue or feature request! Any feedback is welcomed.
Hope you enjoy it. 🙂