karlvbiron/Xbash-DB-Ransom-Simulation

An experimental Docker and Python scripts setup to simulate the database wiper and ransom component of the Xbash Malware

Simulation of the Database Wiper and Ransom Component of the Xbash Malware

Meow Attack

This repository builds upon the insights presented in the technical article The Database Slayer: Deep Dive and Simulation of the Xbash Malware. While the original article offered a comprehensive analysis, it focused only on databases aligned with our organization's product offerings. This repository was created to extend that research, offering a broader platform for further experimentation and deeper exploration of Xbash malware’s behavior across additional database environments.

Overview

Xbash is a multifaceted malware family combining ransomware, botnet capabilities, cryptomining, and self-propagation. Discovered in 2018, it targets databases such as MySQL, MariaDB, PostgreSQL, MongoDB, Redis, Elasticsearch, OracleDB, and many others; its ransom component does not encrypt the data but destroys it.

Features

  • Partial Simulation: Replicates Xbash's database ransomware attack in a controlled environment.
  • Comprehensive Resources: Includes code, configuration files, and insights for hands-on analysis.

Getting Started

Prerequisites

Installation

  1. Clone the Repository:

    git clone https://github.com/karlvbiron/Xbash-DB-Ransom-Simulation.git
    cd Xbash-DB-Ransom-Simulation
  2. Set Up the Environment:

    • Virtual Environment (Optional but Recommended):

      python3 -m venv venv
      source venv/bin/activate  # On Windows, use 'venv\Scripts\activate'
    • Install Required Python Packages:

      pip install -r requirements.txt
  3. Build and Run Docker Containers:

    • Start the containers:

      sudo docker-compose up -d

Simulation Sequence

  1. Verify Database and Data Setup:

    python fetch_data.py
  2. Execute the Xbash Database Wiper and Ransomware Simulation Script:

    python xbash_simulation.py
  3. Analyze Xbash Execution Aftermath:

    python xbash_aftermath.py
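For the aftermath step, a defender usually wants to confirm from the database's own logs what the simulated wipe did. The following Python is an added example, not one of the repository's scripts: it scans query-log lines for a burst of DROP DATABASE statements from a single session followed by the creation of a new database or table, which is the trace a wipe-then-ransom-note run leaves behind. The sample lines are constructed in the layout of a MySQL general query log (timestamp, thread id, command type, argument); the window, threshold, and object names are assumptions for the example.

```python
"""Flag the wipe-then-note pattern in a query log.

Added example (not part of the Xbash-DB-Ransom-Simulation repository).
Assumes lines shaped like the MySQL general query log:
    <ISO timestamp>  <thread id> <command> [<argument>]
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: one normal application session (thread 7) and one
# session (thread 12) that drops several databases and then creates a new one.
SAMPLE_LOG = """\
2024-05-01T10:00:01.000000Z   7 Connect   app@10.0.0.5 on inventory using TCP/IP
2024-05-01T10:00:02.000000Z   7 Query     SELECT id, sku FROM products LIMIT 10
2024-05-01T10:05:00.000000Z  12 Connect   root@10.0.0.99 on  using TCP/IP
2024-05-01T10:05:01.000000Z  12 Query     SHOW DATABASES
2024-05-01T10:05:02.000000Z  12 Query     DROP DATABASE inventory
2024-05-01T10:05:02.000000Z  12 Query     DROP DATABASE billing
2024-05-01T10:05:03.000000Z  12 Query     DROP DATABASE hr
2024-05-01T10:05:04.000000Z  12 Query     CREATE DATABASE READ_ME_TO_RECOVER
2024-05-01T10:05:05.000000Z  12 Query     CREATE TABLE READ_ME_TO_RECOVER.WARNING (id INT, warning TEXT)
2024-05-01T10:05:05.000000Z  12 Quit
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\w+)(?:\s+(.*))?$")
DROP_RE = re.compile(r"DROP\s+(?:DATABASE|SCHEMA)\s+(?:IF\s+EXISTS\s+)?`?(\w+)`?", re.I)
CREATE_RE = re.compile(
    r"CREATE\s+(?:DATABASE|SCHEMA|TABLE)\s+(?:IF\s+NOT\s+EXISTS\s+)?`?([\w.]+)`?", re.I
)


@dataclass
class Event:
    ts: datetime
    thread: str
    command: str
    argument: str


def parse_general_log(text):
    """Parse log text into Event records; lines that do not fit are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%fZ")
        events.append(Event(ts, m.group(2), m.group(3), m.group(4) or ""))
    return events


def detect_wipe_pattern(events, window=timedelta(seconds=60), min_drops=2):
    """Return one alert per session that issued >= min_drops DROP DATABASE
    statements inside `window`, listing the dropped names and any objects the
    same session created from the first drop onwards (candidate ransom note)."""
    by_thread = defaultdict(list)
    for ev in events:
        if ev.command == "Query":
            by_thread[ev.thread].append(ev)

    alerts = []
    for thread, evs in by_thread.items():
        evs.sort(key=lambda e: e.ts)
        drops = [(e.ts, DROP_RE.match(e.argument).group(1))
                 for e in evs if DROP_RE.match(e.argument)]
        start = 0
        for end in range(len(drops)):
            # Sliding window: shrink from the left until it spans <= window.
            while drops[end][0] - drops[start][0] > window:
                start += 1
            if end - start + 1 >= min_drops:
                first_ts = drops[start][0]
                created = [CREATE_RE.match(e.argument).group(1)
                           for e in evs
                           if e.ts >= first_ts and CREATE_RE.match(e.argument)]
                alerts.append({
                    "thread": thread,
                    "first_drop": first_ts.isoformat(),
                    "dropped": [name for _, name in drops[start:]],
                    "created": created,
                })
                break  # one alert per session is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_wipe_pattern(parse_general_log(SAMPLE_LOG)):
        print(alert)
```

Point the parser at the general log of the MySQL/MariaDB container (or adapt the regexes to the PostgreSQL statement log) and the alert shows which databases vanished and which new object appeared in their place, which is what the aftermath step should be able to confirm.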

Important Notes

  • Controlled Environment: This simulation is intended for educational and research purposes only. Ensure you run it in a controlled, isolated environment to prevent unintended consequences.
  • Legal Compliance: Always adhere to legal and ethical guidelines when conducting malware simulations.

License

This project is licensed under the MIT License.


Disclaimer: This simulation is for educational purposes only. The authors are not responsible for any misuse or damages resulting from its use.
