Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
430
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
190
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
AWSインフルエンサーへの道 / load of AWS Influencer
whisaiyo
0
220
2025-12-27 Claude CodeでPRレビュー対応を効率化する@機械学習社会実装勉強会第54回
nakamasato
2
220
障害対応訓練、その前に
coconala_engineer
0
190
アラフォーおじさん、はじめてre:Inventに行く / A 40-Something Guy’s First re:Invent Adventure
kaminashi
0
140
普段使ってるClaude Skillsの紹介(by Notebooklm)
zerebom
8
2.1k
松尾研LLM講座2025 応用編Day3「軽量化」 講義資料
aratako
4
3k
会社紹介資料 / Sansan Company Profile
sansan33
PRO
11
390k
20251222_サンフランシスコサバイバル術
ponponmikankan
2
140
Identity Management for Agentic AI 解説
fujie
0
460
特別捜査官等研修会
nomizone
0
560
『君の名は』と聞く君の名は。 / Your name, you who asks for mine.
nttcom
1
120
Lookerで実現するセキュアな外部データ提供
zozotech
PRO
0
200
Featured
See All Featured
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
32
Rails Girls Zürich Keynote
gr2m
95
14k
Heart Work Chapter 1 - Part 1
lfama
PRO
3
35k
It's Worth the Effort
3n
187
29k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Embracing the Ebb and Flow
colly
88
4.9k
How Software Deployment tools have changed in the past 20 years
geshan
0
30k
We Have a Design System, Now What?
morganepeng
54
7.9k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
72
Between Models and Reality
mayunak
0
150
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.8k
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
17
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
whisaiyo
nakamasato
coconala_engineer
kaminashi
zerebom
.jpg){kind=avatar}
aratako
sansan33
ponponmikankan
fujie
nomizone
nttcom
zozotech
marketingsoph
gr2m
lfama
3n
wjessup
colly
geshan
morganepeng
pwiseman
mayunak
mongodb
greggifford
