Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
430
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
190
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
Agents IA : la nouvelle frontière des LLMs (Tech.Rocks Summit 2025)
glaforge
0
470
Gemini でコードレビュー知見を見える化
zozotech
PRO
1
130
直接メモリアクセス
koba789
0
250
最近のLinux普段づかいWaylandデスクトップ元年
penguin2716
1
570
なぜ使われないのか?──定量×定性で見極める本当のボトルネック
kakehashi
PRO
1
1.1k
“決まらない”NSM設計への処方箋 〜ビットキーにおける現実的な指標デザイン事例〜 / A Prescription for "Stuck" NSM Design: Bitkey’s Practical Case Study
bitkey
PRO
1
520
生成AI時代の自動E2Eテスト運用とPlaywright実践知_引持力哉
legalontechnologies
PRO
0
190
AI時代におけるアジャイル開発について
polyscape_inc
0
120
【CEDEC+KYUSHU2025】学生・若手必見!テクニカルアーティスト 大全 ~仕事・スキル・キャリアパス、TAの「わからない」を徹底解剖~
cygames
PRO
0
130
Oracle Technology Night #95 GoldenGate 26ai の実装に迫る1
oracle4engineer
PRO
0
120
あなたの知らないDateのひみつ / The Secret of "Date" You Haven't known #tqrk16
expajp
0
120
Ryzen NPUにおけるAI Engineプログラミング
anjn
0
240
Featured
See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.2k
Rebuilding a faster, lazier Slack
samanthasiow
84
9.3k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
3k
Making the Leap to Tech Lead
cromwellryan
135
9.7k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
54k
Bash Introduction
62gerente
615
210k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
How to train your dragon (web standard)
notwaldorf
97
6.4k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
glaforge
zozotech
koba789
penguin2716
kakehashi
bitkey
legalontechnologies
polyscape_inc
cygames
oracle4engineer
expajp
anjn
eileencodes
samanthasiow
lauravandoore
lynnandtonic
maggiecrowley
cromwellryan
aki_iinuma
62gerente
garrettdimon
yeseniaperezcruz
notwaldorf
addyosmani
