Grabbing fresh evil bits: Maltrieve
Kyle Maxwell
May 04, 2013
BSides San Antonio - May 2013 - retrieving malware from sources
Transcript
Grabbing fresh evil bits: Maltrieve
Kyle Maxwell, BSidesSATX, 2013-05-04
Happy Star Wars Day! No Imperial entanglements. All opinions are my own.

What it's for
github.com/technoskald/maltrieve
Retrieves malware directly from the sources as listed at a number of sites:
• Malware Domain List
• VX Vault
• Malc0de
• Sacour.cn

Potted history
Weekend side project that started as a set of patches to mwcrawler by Ricardo Dias.
Additional contributions: Ben Jackson, Bryan Brannigan.
GPL software.

Basic architecture
Parallelized Python crawler with proxy support and good logging.
If we haven't seen it before, get a little metadata and save it off.

Adding a new feed
• RSS feeds - best option!
  ◦ One line of code
• HTML tables and delimited text (CSV) just need a regex
Several pending feeds. More suggestions welcome!

Storing the retrieved malware
• filesystem plus logging
• Some pickled data
• malwarehouse soon
• VxCage? maybe
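As an added example (not Maltrieve's own code, which lives at the GitHub URL above), here is the feed-parsing and "seen it before" storage logic the slides describe: a regex pass over a constructed feed fragment to pull out sample URLs, then a SHA-256-keyed store that writes the bytes and a small metadata record only for samples not already seen. Feed hosts, sample bytes and the on-disk layout are constructed placeholders, not Maltrieve's actual format.

```python
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Constructed feed fragment: one MDL-style CSV line and one VX-Vault-style HTML
# table row. Hosts are documentation placeholders, not real indicators.
SAMPLE_FEED = """\
"2013/05/04_12:00","example.com/downloads/invoice.exe","203.0.113.10","-","dropper"
<tr><td>2013-05-04</td><td>http://malware.example.net/update/setup.scr</td></tr>
"""

# The "just need a regex" approach: host/path with or without a scheme; an
# alphabetic TLD is required so the bare IP column is skipped.
URL_RE = re.compile(r'(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/[^\s"<>,]*)?', re.I)


def extract_urls(feed_text):
    """Return the distinct candidate sample URLs in a feed fragment, normalized to http://."""
    urls = []
    for match in URL_RE.findall(feed_text):
        url = match if match.lower().startswith("http") else "http://" + match
        if url not in urls:
            urls.append(url)
    return urls


def store_sample(data, source_url, dump_dir, seen):
    """Save a sample once, keyed by SHA-256, and append a metadata record.
    Returns the hex digest when new, or None if these bytes were already seen."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in seen:
        return None
    seen.add(digest)
    dump = Path(dump_dir)
    dump.mkdir(parents=True, exist_ok=True)
    (dump / digest).write_bytes(data)
    record = {"sha256": digest, "source": source_url, "size": len(data)}
    with (dump / "metadata.jsonl").open("a") as fh:
        fh.write(json.dumps(record) + "\n")
    return digest


def demo():
    """Run both steps on the constructed feed; both URLs serve identical fake bytes."""
    urls = extract_urls(SAMPLE_FEED)
    seen = set()
    fake_body = b"MZ constructed placeholder, not a real sample"
    with tempfile.TemporaryDirectory() as dump_dir:
        stored = [store_sample(fake_body, u, dump_dir, seen) for u in urls]
        records = (Path(dump_dir) / "metadata.jsonl").read_text().splitlines()
    return urls, stored, len(records)
```

Because the store is keyed by content hash rather than by URL, the same binary mirrored on two feeds is written and logged only once.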
Cuckoo integration
Immediate dynamic analysis (thanks Bryan!) that can extract IOCs and other metadata.

thug integration
buffer.github.io/thug/
Low-interaction browser honeyclient:
• Windows (2K/XP/7)
• OS X
• Android
• Linux
• IE 6-9
• Chrome 18-26
• Firefox (3, 12, 19)
• Safari
Adobe Reader and JRE plugin emulation as well.

If you just want lots of data...
Maltrieve is about fresh evil bits. For lots and lots of evil bits, see VirusShare.com.

Ongoing development and questions