Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
430
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
190
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
[2025-12-12]あの日僕が見た胡蝶の夢 〜人の夢は終わらねェ AIによるパフォーマンスチューニングのすゝめ〜
tosite
0
170
フィッシュボウルのやり方 / How to do a fishbowl
pauli
2
370
株式会社ビザスク_AI__Engineering_Summit_Tokyo_2025_登壇資料.pdf
eikohashiba
1
110
20251219 OpenIDファウンデーション・ジャパン紹介 / OpenID Foundation Japan Intro
oidfj
0
490
Strands Agents × インタリーブ思考 で変わるAIエージェント設計 / Strands Agents x Interleaved Thinking AI Agents
takanorig
4
2k
AI駆動開発ライフサイクル(AI-DLC)の始め方
ryansbcho79
0
150
「もしもデータ基盤開発で『強くてニューゲーム』ができたなら今の僕はどんなデータ基盤を作っただろう」
aeonpeople
0
230
ペアーズにおけるAIエージェント 基盤とText to SQLツールの紹介
hisamouna
2
1.6k
2025年のデザインシステムとAI 活用を振り返る
leveragestech
0
170
シニアソフトウェアエンジニアになるためには
kworkdev
PRO
3
270
100以上の新規コネクタ提供を可能にしたアーキテクチャ
ooyukioo
0
250
普段使ってるClaude Skillsの紹介(by Notebooklm)
zerebom
8
2.1k
Featured
See All Featured
Context Engineering - Making Every Token Count
addyosmani
9
550
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
30
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
3k
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
0
75
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
61
47k
Being A Developer After 40
akosma
91
590k
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
0
190
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
210
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
130
Designing for humans not robots
tammielis
254
26k
WENDY [Excerpt]
tessaabrams
8
35k
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
400
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
tosite
pauli
eikohashiba
oidfj
takanorig
ryansbcho79
aeonpeople
hisamouna
leveragestech
kworkdev
ooyukioo
zerebom
addyosmani
techseoconnect
danielanewman
katarinadahlin
nwiizo
akosma
chikuwait
skoyamalab
tammielis
tessaabrams
reverentgeek
