Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
100
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
430
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
180
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
コンテキストエンジニアリングとは? 考え方と応用方法
findy_eventslides
4
880
「AI駆動PO」を考えてみる - 作る速さから価値のスループットへ:検査・適応で未来を開発 / AI-driven product owner. scrummat2025
yosuke_nagai
4
540
C# 14 / .NET 10 の新機能 (RC 1 時点)
nenonaninu
1
1.5k
SwiftUIのGeometryReaderとScrollViewを基礎から応用まで学び直す:設計と活用事例
fumiyasac0921
0
130
PythonとLLMで挑む、 4コマ漫画の構造化データ化
esuji5
1
130
Pythonによる契約プログラミング入門 / PyCon JP 2025
7pairs
5
2.5k
リーダーになったら未来を語れるようになろう/Speak the Future
sanogemaru
0
270
10年の共創が示す、これからの開発者と企業の関係 ~ Crossroad
soracom
PRO
1
150
pprof vs runtime/trace (FlightRecorder)
task4233
0
150
インサイト情報からどこまで自動化できるか試してみた
takas0522
0
140
BirdCLEF+2025 Noir 5位解法紹介
myso
0
190
SOC2取得の全体像
shonansurvivors
1
360
Featured
See All Featured
Fireside Chat
paigeccino
40
3.7k
Why Our Code Smells
bkeepers
PRO
339
57k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Raft: Consensus for Rubyists
vanstee
139
7.1k
Music & Morning Musume
bryan
46
6.8k
How to Ace a Technical Interview
jacobian
280
23k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
32
2.2k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Side Projects
sachag
455
43k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
findy_eventslides
yosuke_nagai
nenonaninu
fumiyasac0921
esuji5
7pairs
sanogemaru
soracom
task4233
takas0522
myso
shonansurvivors
paigeccino
bkeepers
chriscoyier
vanstee
bryan
jacobian
eileencodes
marcduiker
marktimemedia
keithpitt
sachag
jcasabona
