Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
96
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
400
Hackertainment
krmaxwell
1
220
Threat Intelligence for Incident Response
krmaxwell
0
170
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
880
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
ホワイトボードチャレンジ 説明&実行資料
ichimichi
0
130
組織貢献をするフリーランスエンジニアという生き方
n_takehata
1
1.3k
Building Products in the LLM Era
ymatsuwitter
10
5.4k
技術的負債解消の取り組みと専門チームのお話 #技術的負債_Findy
bengo4com
1
1.3k
バックエンドエンジニアのためのフロントエンド入門 #devsumiC
panda_program
18
7.4k
『衛星データ利用の方々にとって近いようで触れる機会のなさそうな小話 ~ 衛星搭載ソフトウェアと衛星運用ソフトウェア (実物) を動かしながらわいわいする編 ~』 @日本衛星データコミニティ勉強会
meltingrabbit
0
140
Swiftの “private” を テストする / Testing Swift "private"
yutailang0119
0
130
Culture Deck
optfit
0
410
ユーザーストーリーマッピングから始めるアジャイルチームと並走するQA / Starting QA with User Story Mapping
katawara
0
200
2/18/25: Java meets AI: Build LLM-Powered Apps with LangChain4j
edeandrea
PRO
0
110
モノレポ開発のエラー、誰が見る?Datadog で実現する適切なトリアージとエスカレーション
biwashi
6
800
Helm , Kustomize に代わる !? 次世代 k8s パッケージマネージャー Glasskube 入門 / glasskube-entry
parupappa2929
0
250
Featured
See All Featured
Rebuilding a faster, lazier Slack
samanthasiow
80
8.8k
Six Lessons from altMBA
skipperchong
27
3.6k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k
Code Review Best Practice
trishagee
67
18k
The Invisible Side of Design
smashingmag
299
50k
Side Projects
sachag
452
42k
Why Our Code Smells
bkeepers
PRO
336
57k
Large-scale JavaScript Application Architecture
addyosmani
511
110k
Mobile First: as difficult as doing things right
swwweet
223
9.3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.2k
What's in a price? How to price your products and services
michaelherold
244
12k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
ichimichi
n_takehata
ymatsuwitter
bengo4com
panda_program
meltingrabbit
yutailang0119
.png){kind=avatar}
optfit
katawara
edeandrea
biwashi
parupappa2929
samanthasiow
skipperchong
garrettdimon
trishagee
smashingmag
sachag
bkeepers
addyosmani
swwweet
danielanewman
palkan
michaelherold
