
ljucovic/miotree


mIoTree


mIoTree is a knowledge database with interactive visualization for IoT malware families. It uses a tree diagram combined with a timeline to map out the genealogy and evolution of IoT malware.

This version, v1.0.1, tracks over 100 different IoT malware families.
Note: All screenshots and images in this repository are for demonstration purposes only.

[Screenshot: IoT Malware Families - Overview]

Features

Hover for Details

Hover over any malware family name to reveal a tooltip with detailed information such as parent relationships, CPU architectures, botnet size, open-source status, and more.

[Screenshot: Hover function]

Family Detail Timeline

Click on a family name or the "Details" button in the hover tooltip to navigate to a dedicated timeline page for that family. This timeline tracks attacks, news, and notable incidents associated with the selected malware family.

[Screenshot: Detail function]


mIoTree

mIoTree is a Django web application. It stores its data in SQLite and uses d3.js and Fomantic-UI for the graphical view.

Technologies used

  • Django 4.2.1
  • Fomantic-UI 2.9.2
  • d3.js v7
  • SQLite 3.40.1
  • Python 3

Run on docker

Download the project, then start it with docker-compose up -d.

Local running

Download the project. Create a virtualenv, activate it, and run python3 manage.py migrate followed by python3 manage.py runserver.

You can now reach mIoTree at http://127.0.0.1:8000.

Add new Families

To add new families, use the admin site at http://127.0.0.1:8000/admin/polls/family/

Important

Take care with the following when you add a new family:

  1. Every date is saved in YYYY-MM format.
  2. Parents takes the ids of the parent families. If a family has more than one parent, separate the ids with commas and no spaces, e.g. 18,9,16

Database

In the database, the information about the IoT malware families is stored in a polly_family table, in addition to the Django-dependent tables.

[Screenshot: family table]

The informations column holds JSON saved as text. The JSON looks like this:

{
    "childs": [""],
    "cpu": ["MIPS"],
    "topologie": "",
    "code_similarity": "",
    "category": [""],
    "attack": ["Wiper"],
    "info": [""],
    "urls": [""]
}
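
A check for the two rules under "Important" and for the JSON layout above, as an added example that is not part of the mIoTree code base. The function and argument names, the treatment of an empty parents value, and the http(s)-only rule for urls are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Formats from the README: YYYY-MM dates, comma-separated parent ids without
# spaces, and the JSON keys shown above. Function and argument names are made up.
DATE_RE = re.compile(r"\d{4}-(0[1-9]|1[0-2])")
PARENTS_RE = re.compile(r"\d+(,\d+)*")
LIST_KEYS = ("childs", "cpu", "category", "attack", "info", "urls")
STRING_KEYS = ("topologie", "code_similarity")

# The JSON from the README, used as sample input.
SAMPLE_INFO = (
    '{"childs": [""], "cpu": ["MIPS"], "topologie": "", "code_similarity": "", '
    '"category": [""], "attack": ["Wiper"], "info": [""], "urls": [""]}'
)


def validate_family(date, parents, informations):
    """Return a list of problems; an empty list means the record is well formed."""
    problems = []
    if not DATE_RE.fullmatch(date):
        problems.append(f"date {date!r} is not YYYY-MM")
    # Assumption: an empty parents string means the family has no parent.
    if parents and not PARENTS_RE.fullmatch(parents):
        problems.append(f"parents {parents!r} is not a comma-separated id list")
    try:
        data = json.loads(informations)
    except json.JSONDecodeError as exc:
        return problems + [f"informations is not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return problems + ["informations must be a JSON object"]
    for key in LIST_KEYS:
        value = data.get(key)
        if not (isinstance(value, list) and all(isinstance(v, str) for v in value)):
            problems.append(f"{key!r} must be a list of strings")
    for key in STRING_KEYS:
        if not isinstance(data.get(key), str):
            problems.append(f"{key!r} must be a string")
    for key in sorted(set(data) - set(LIST_KEYS) - set(STRING_KEYS)):
        problems.append(f"unexpected key {key!r}")
    # Assumption: urls may be shown as links, so accept only http(s) or "".
    urls = data.get("urls")
    for url in urls if isinstance(urls, list) else []:
        if isinstance(url, str) and url and urlparse(url).scheme not in ("http", "https"):
            problems.append(f"url {url!r} is not http(s)")
    return problems
```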

Troubleshooting

Command to register the runner:

gitlab-runner register --url REMOVED --registration-token "$REGISTRATION_TOKEN"

curl -L -X POST "REMOVED" \
  --header "PRIVATE-TOKEN: REMOVED" \
  --form "token=REMOVED" --form "description=my-runner" \
  --form "tag_list=amd64,linux,kind"
