Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
250
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
440
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
200
From Minion to Engineer
krmaxwell
0
130
Why XOR Crypto Sucks
krmaxwell
0
220
Open Source Threat Intelligence - Shakacon
krmaxwell
1
900
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
事例から紐解くSHIFT流QA支援 ~大規模プロジェクトの品質管理支援、QA組織立ち上げ~ / 20260320 Nozomu Koketsu
shift_evolve
PRO
0
140
新規事業×QAの挑戦:不確実性を乗りこなす!フェーズごとに求められるQAの役割変革
hacomono
PRO
0
180
スピンアウト講座04_ルーティン処理
overflowinc
0
1.2k
Why we keep our community?
kawaguti
PRO
0
180
SaaSに宿る21g
kanyamaguc
2
160
BFCacheを活用して無限スクロールのUX を改善した話
apple_yagi
0
120
Bref でサービスを運用している話
sgash708
0
190
DDD×仕様駆動で回す高品質開発のプロセス設計
littlehands
6
2.4k
「コントロールの三分法」で考える「コト」への向き合い方 / phperkaigi2026
blue_goheimochi
0
150
スピンアウト講座03_CLAUDE-MDとSKILL-MD
overflowinc
0
1.2k
データマネジメント戦略Night - 4社のリアルを語る会
ktatsuya
1
220
JEDAI認定プログラム JEDAI Order 2026 受賞者一覧 / JEDAI Order 2026 Winners
databricksjapan
0
320
Featured
See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
New Earth Scene 8
popppiees
1
1.8k
Facilitating Awesome Meetings
lara
57
6.8k
Faster Mobile Websites
deanohume
310
31k
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.7k
The Pragmatic Product Professional
lauravandoore
37
7.2k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
0
820
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
120
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
410
My Coaching Mixtape
mlcsv
0
85
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
KATA
mclloyd
PRO
35
15k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
shift_evolve
hacomono
overflowinc
kawaguti
kanyamaguc
apple_yagi
sgash708
littlehands
blue_goheimochi
.jpg){kind=avatar}
ktatsuya
databricksjapan
wjessup
popppiees
lara
deanohume
raygrieselhuber
lauravandoore
uxyall
techseoconnect
portentint
mlcsv
keithpitt
mclloyd
