Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
250
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
440
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
200
From Minion to Engineer
krmaxwell
0
130
Why XOR Crypto Sucks
krmaxwell
0
220
Open Source Threat Intelligence - Shakacon
krmaxwell
1
900
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
Kiroで見直す開発プロセスとAI-DLC
k_adachi_01
0
130
Windows ファイル共有(SMB)を再確認する
murachiakira
PRO
0
270
君はジョシュアツリーを知っているか?名前をつけて事象を正しく認識しよう / Do you know Joshua Tree?
ykanoh
4
120
契約書からの情報抽出を行うLLMのスループットを、バッチ処理を用いて最大40%改善した話
sansantech
PRO
2
260
QA組織のAI戦略とAIテスト設計システムAITASの実践
sansantech
PRO
1
130
スピンアウト講座04_ルーティン処理
overflowinc
0
1.2k
データマネジメント戦略Night - 4社のリアルを語る会
ktatsuya
1
220
The Rise of Browser Automation: AI-Powered Web Interaction in 2026
marcthompson_seo
0
310
RGBに陥らないために -プロダクトの価値を届けるまで-
righttouch
PRO
0
110
Embeddings : Symfony AI en pratique
lyrixx
0
210
「捨てる」を設計する
kubell_hr
0
240
Bill One 開発エンジニア 紹介資料
sansan33
PRO
5
18k
Featured
See All Featured
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
5.5k
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
1
490
Navigating Team Friction
lara
192
16k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
340
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.4k
Optimising Largest Contentful Paint
csswizardry
37
3.6k
Un-Boring Meetings
codingconduct
0
240
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
199
73k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.8k
The Pragmatic Product Professional
lauravandoore
37
7.2k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
860
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
k_adachi_01
murachiakira
ykanoh
sansantech
overflowinc
.jpg){kind=avatar}
ktatsuya
marcthompson_seo
righttouch
lyrixx
kubell_hr
sansan33
aleyda
inesmontani
lara
reverentgeek
garrettdimon
rmw
csswizardry
codingconduct
soudai
bluesmoon
lauravandoore
tammyeverts
