This could be quite cumbersome, so here is a small guide to get TaintDroid running on the emulator.
Monday, April 4, 2011
Wednesday, August 4, 2010
Web UI and visualization
The Hale web UI has been implemented with the help of the Google Visualization API and offers an interactive map and various charts for a statistical overview and an activity timeline. A search function additionally lets the user search for botnet and file hashes, related IP addresses, botnet IDs, botnet modules used and botnet hosts. Search results link to the botnets matching the query; the search function was built with Haystack. Current web UI development also covers a RESTful API built with django-piston that handles GET requests and returns information about bots, IPs and malware. Below follow some screenshots of the web interface:
[screenshots of the web interface]
Tags: hale
Saturday, July 17, 2010
Frameworks and technologies used by Hale
Since the last post a lot has happened. To let the monitor handle a large number of botnets without running into scalability problems, I have moved away from the threaded design. Instead of starting a new thread for each new botnet there is really only one option: non-blocking calls. The design is now event-driven: the protocol modules are implemented with Twisted, the protocol grammars remain configurable, and no threads are started for these modules.
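To make the event-driven design concrete, here is an added example written for this page; it is not Hale's code. Hale's modules are built on Twisted, while this sketch uses asyncio from the Python standard library so it runs without extra packages. It shows the two points of the paragraph: one event loop serving many C&C sessions with no thread per botnet, and the protocol grammar supplied as a configuration table (name to regex) rather than hard-coded parsing. The grammars, botnet IDs and C&C transcripts are all constructed for the demo and are not any real botnet's syntax.

```python
"""Event-driven botnet monitor sketch: one event loop, many C&C sessions,
no thread per botnet, protocol grammar supplied as configuration.

Added example, not Hale's own code. Hale uses Twisted; this uses asyncio so
it runs offline with the standard library only. The grammars, botnet IDs and
transcripts below are constructed for illustration.
"""
import asyncio
import re
from dataclasses import dataclass, field


@dataclass
class Grammar:
    """A protocol grammar is a name -> regex table, so supporting a new
    C&C dialect is a configuration change rather than a code change."""
    rules: dict
    compiled: dict = field(init=False)

    def __post_init__(self):
        self.compiled = {name: re.compile(pat) for name, pat in self.rules.items()}

    def parse(self, line):
        """Return (event_name, captured fields) for the first matching rule, or None."""
        for name, rx in self.compiled.items():
            m = rx.match(line)
            if m:
                return name, m.groupdict()
        return None


# Constructed IRC-style C&C grammar (hypothetical syntax).
IRC_CNC = Grammar({
    "ping":    r"^PING :(?P<token>\S+)$",
    "command": r"^:(?P<master>\S+) PRIVMSG (?P<channel>#\S+) :!(?P<cmd>\w+)(?: (?P<args>.*))?$",
    "join":    r"^:(?P<nick>[^!]+)!\S+ JOIN :?(?P<channel>#\S+)$",
})

# Constructed HTTP-style grammar: a second dialect served by the same module code.
HTTP_CNC = Grammar({
    "task": r"^TASK (?P<cmd>\w+) (?P<args>.*)$",
})


async def monitor_botnet(botnet_id, grammar, reader, writer, log):
    """One coroutine per botnet. It yields to the event loop on every read,
    so a large number of sessions can share a single thread."""
    while True:
        raw = await reader.readline()
        if not raw:
            break
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        parsed = grammar.parse(line)
        if parsed is None:
            log.append((botnet_id, "unparsed", {"line": line}))
            continue
        event, fields = parsed
        log.append((botnet_id, event, fields))
        # Keep the session alive the way a real client would (no writer in the offline demo).
        if event == "ping" and writer is not None:
            writer.write(f"PONG :{fields['token']}\r\n".encode())


def feed(transcript):
    """Build an in-memory stream preloaded with a constructed C&C transcript
    so the example runs offline. Against a live C&C this reader would come
    from asyncio.open_connection()."""
    reader = asyncio.StreamReader()
    reader.feed_data(transcript.encode())
    reader.feed_eof()
    return reader


async def run_monitors(sessions):
    """Run every session concurrently on one loop; no threads are started."""
    log = []
    await asyncio.gather(*(
        monitor_botnet(bid, grammar, feed(transcript), None, log)
        for bid, grammar, transcript in sessions
    ))
    return log


# Constructed transcripts for two botnets speaking different dialects.
SESSIONS = [
    ("botnet-irc-1", IRC_CNC,
     ":m!m@x JOIN :#c\r\nPING :1234\r\n:m!m@x PRIVMSG #c :!ddos 192.0.2.7 80\r\nGARBAGE\r\n"),
    ("botnet-http-1", HTTP_CNC,
     "TASK download http://192.0.2.9/u.bin\r\n"),
]


def demo():
    """Returns the merged event log for all constructed sessions."""
    return asyncio.run(run_monitors(SESSIONS))


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Unparsed lines are logged rather than dropped, which is what you want when a botnet changes its command syntax: the unmatched traffic tells you the grammar needs a new rule.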
Another interesting feature is a producer bot that uses XMPP to publish all interesting log entries to a shared Jabber channel. This makes it easy for third parties to fetch the logs and process them however they like. To also let third parties feed the monitors with botnets to track, a feeder will be able to join a coordination channel. The monitors will also use this channel to learn from each other whether a specific botnet is already being monitored, so that monitoring capacity is used better.
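The exchange described above, as an added example that is not Hale's code: a feeder asks the coordination channel whether a botnet is already tracked before assigning it, monitors answer for botnets they follow, and a producer pushes log events to a separate share channel that a third party subscribes to. Hale does this over XMPP/Jabber rooms; here the transport is replaced by an in-memory room so the exchange runs offline. The message formats (TRACK?, TRACKING, CLAIM), the monitor names and the log event are assumptions made for the demo.

```python
"""Coordination and log sharing over chat rooms, as an added example
(not Hale's own code). Hale uses XMPP/Jabber rooms; this replaces the XMPP
transport with an in-memory Room so the exchange can be run and inspected
offline. Message formats and participant names are assumptions.
"""
from collections import defaultdict


class Room:
    """Minimal stand-in for a multi-user chat room: every member except the
    sender sees every message, in order."""
    def __init__(self):
        self.members = []
        self.history = []

    def join(self, member):
        self.members.append(member)

    def say(self, sender, text):
        self.history.append((sender, text))
        for m in self.members:
            if m.name != sender:
                m.on_message(sender, text)


class Monitor:
    """Answers TRACK? queries for botnets it already follows and accepts
    CLAIMs addressed to it."""
    def __init__(self, name, coord, share):
        self.name, self.coord, self.share = name, coord, share
        self.tracking = set()
        coord.join(self)

    def on_message(self, sender, text):
        parts = text.split()
        if parts[0] == "TRACK?" and parts[1] in self.tracking:
            self.coord.say(self.name, f"TRACKING {parts[1]}")
        elif parts[0] == "CLAIM" and parts[2] == self.name:
            self.tracking.add(parts[1])

    def publish(self, botnet_id, event):
        """Producer side: push an interesting log line to the share room."""
        self.share.say(self.name, f"{botnet_id} {event}")


class Feeder:
    """Asks the coordination room whether anyone tracks a botnet before
    assigning it to the least-loaded monitor."""
    def __init__(self, name, coord, monitors):
        self.name, self.coord, self.monitors = name, coord, monitors
        self.replies = defaultdict(set)
        coord.join(self)

    def on_message(self, sender, text):
        parts = text.split()
        if parts[0] == "TRACKING":
            self.replies[parts[1]].add(sender)

    def submit(self, botnet_id):
        """Returns the monitor now responsible, or None if already covered."""
        self.coord.say(self.name, f"TRACK? {botnet_id}")
        if self.replies[botnet_id]:
            return None  # someone answered: avoid duplicate tracking
        target = min(self.monitors, key=lambda m: len(m.tracking))
        self.coord.say(self.name, f"CLAIM {botnet_id} {target.name}")
        return target.name


class Consumer:
    """Third party that only subscribes to the share room."""
    def __init__(self, name, share):
        self.name = name
        self.received = []
        share.join(self)

    def on_message(self, sender, text):
        self.received.append((sender, text))


def demo():
    """Runs the constructed exchange: two submissions, one repeat, one log event."""
    coord, share = Room(), Room()
    m1, m2 = Monitor("mon-1", coord, share), Monitor("mon-2", coord, share)
    feeder = Feeder("feeder", coord, [m1, m2])
    consumer = Consumer("analyst", share)
    results = {
        "first": feeder.submit("botnet-A"),   # nobody tracks it: assigned to mon-1
        "second": feeder.submit("botnet-B"),  # least loaded now is mon-2
        "repeat": feeder.submit("botnet-A"),  # mon-1 answers TRACKING: None
    }
    m1.publish("botnet-A", "command ddos 192.0.2.7")  # constructed log event
    return results, consumer.received, coord.history


if __name__ == "__main__":
    print(demo())
```

In a real deployment the TRACK? query needs a timeout, since a monitor that is down will never answer; the synchronous room above sidesteps that by delivering replies before submit() inspects them.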