Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
250
0
Share
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
450
Hackertainment
krmaxwell
1
240
Threat Intelligence for Incident Response
krmaxwell
0
210
From Minion to Engineer
krmaxwell
0
130
Why XOR Crypto Sucks
krmaxwell
0
220
Open Source Threat Intelligence - Shakacon
krmaxwell
1
910
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
ポケモンの型をTypeScriptの型システムで表現してみた
subroh0508
0
160
製造業のクラウド活用最適解〜AI,DXを加速するデータ基盤の作り方〜
hamadakoji
0
320
Platform Engineering as a Product: Criteria for Improvement and Multi-Tenant Design
kumorn5s
0
490
はじめてのDatadog
kairim0
0
260
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
1.9k
Platform engineering for developers, architects & the rest of us (AI agents)
danielbryantuk
0
180
OCI Oracle AI Database Services新機能アップデート(2026/03-2026/05)
oracle4engineer
PRO
0
170
Databricks における 生成AIガバナンスの実践
taka_aki
1
280
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
50k
AI活用を推進するために ファインディが下した、一つの小さな決断
starfish719
0
220
電子辞書Brainをネットに繋げてみた(自力編)
raspython3
0
430
Datadog 認定試験の概要と対策
uechishingo
0
230
Featured
See All Featured
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
260
XXLCSS - How to scale CSS and keep your sanity
sugarenia
250
1.3M
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
65
55k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.3k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.9k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
659
62k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
4k
Reflections from 52 weeks, 52 projects
jeffersonlam
356
21k
Visualization
eitanlees
152
17k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
320
We Have a Design System, Now What?
morganepeng
55
8.2k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
subroh0508
hamadakoji
kumorn5s
kairim0
oracle4engineer
danielbryantuk
taka_aki
safie_recruit
starfish719
raspython3
uechishingo
cassininazir
sugarenia
soudai
aleyda
reverentgeek
lemiorhan
chriscoyier
raygrieselhuber
jeffersonlam
eitanlees
tammyeverts
morganepeng
