Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
100
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
420
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
180
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
完璧を目指さない小さく始める信頼性向上
kakehashi
PRO
0
120
Tableau API連携の罠!?脱スプシを夢見たはずが、逆に依存を深めた話
cuebic9bic
2
160
反脆弱性(アンチフラジャイル)とデータ基盤構築
cuebic9bic
2
110
隙間時間で爆速開発! Claude Code × Vibe Coding で作るマニュアル自動生成サービス
akitomonam
2
230
公開初日に個人環境で試した Gemini CLI 体験記など / Gemini CLI実験レポート
you
PRO
3
1.1k
製造業の課題解決に向けた機械学習の活用と、製造業特化LLM開発への挑戦
knt44kw
0
110
[TechNight #91] Oracle Database 最新パフォーマンス分析手法
oracle4engineer
PRO
3
290
alecthomas/kong はいいぞ
fujiwara3
6
1.2k
Microsoft Learn MCP/Fabric データエージェント/Fabric MCP/Copilot Studio-簡単・便利なAIエージェント作ってみた -"Building Simple and Powerful AI Agents with Microsoft Learn MCP, Fabric Data Agent, Fabric MCP, and Copilot Studio"-
reireireijinjin6
1
190
AI時代の知識創造 ─GeminiとSECIモデルで読み解く “暗黙知”と創造の境界線
nyagasan
0
170
怖くない!GritQLでBiomeプラグインを作ろうよ
pal4de
1
140
ecspressoの設計思想に至る道 / sekkeinight2025
fujiwara3
12
2.1k
Featured
See All Featured
What's in a price? How to price your products and services
michaelherold
246
12k
Speed Design
sergeychernyshev
32
1k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
A Tale of Four Properties
chriscoyier
160
23k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
139
34k
A better future with KSS
kneath
238
17k
Site-Speed That Sticks
csswizardry
10
730
Code Review Best Practice
trishagee
69
19k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions