Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
100
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
420
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
180
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
夢の印税生活 / Life on Royalties
tmtms
0
250
Rethinking Incident Response: Context-Aware AI in Practice - Incident Buddy Edition -
rrreeeyyy
0
130
LLM 機能を支える Langfuse / ClickHouse のサーバレス化
yuu26
9
2.7k
工業高校で学習したとあるエンジニアのキャリアの話
shirayanagiryuji
0
120
Amazon Bedrock AgentCore でプロモーション用動画生成エージェントを開発する
nasuvitz
6
330
[OCI Technical Deep Dive] OCIで生成AIを活用するためのソリューション解説(2025年8月5日開催)
oracle4engineer
PRO
0
130
React Server ComponentsでAPI不要の開発体験
polidog
PRO
1
360
GCASアップデート(202506-202508)
techniczna
0
230
Exadata Database Service on Dedicated Infrastructure セキュリティ、ネットワーク、および管理について
oracle4engineer
PRO
1
340
薬屋のひとりごとにみるトラブルシューティング
tomokusaba
0
410
マイクロモビリティシェアサービスを支える プラットフォームアーキテクチャ
grimoh
1
110
Backboneとしてのtimm2025
yu4u
3
1.1k
Featured
See All Featured
Art, The Web, and Tiny UX
lynnandtonic
302
21k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
KATA
mclloyd
32
14k
A Modern Web Designer's Workflow
chriscoyier
695
190k
Producing Creativity
orderedlist
PRO
347
40k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Music & Morning Musume
bryan
46
6.7k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
770
Automating Front-end Workflow
addyosmani
1370
200k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
183
54k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.6k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
1k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
tmtms
rrreeeyyy
yuu26
shirayanagiryuji
nasuvitz
oracle4engineer
polidog
techniczna
tomokusaba
grimoh
yu4u
lynnandtonic
jlugia
mclloyd
chriscoyier
orderedlist
pedronauck
bryan
tammyeverts
addyosmani
soudai
mongodb
