Grabbing fresh evil bits: Maltrieve
Kyle Maxwell
May 25, 2013
Technology
Slightly updated presentation for BSidesNOLA
Transcript
Grabbing fresh evil bits: Maltrieve
BSidesNOLA, 2013-05-25. Happy Geek Pride Day!
@kylemaxwell / technoskald.github.io
No Imperial entanglements. All opinions are my own.

What it's for
technoskald.github.io/maltrieve
Retrieves malware directly from the sources, as listed at a number of sites:
• Malware Domain List
• VX Vault
• Malc0de
• Sacour.cn
Potted history
Weekend side project that started as a set of patches to mwcrawler by Ricardo Dias.
Add'l contributions: Ben Jackson, Bryan Brannigan
GPL software

Basic architecture
Parallelized Python crawler with proxy support and good logging. If we haven't seen it before, get a little metadata and save it off.
Invoking maltrieve
Command line: python maltrieve.py
Options:
  -p : proxy specification
  -l : log file
  -d : dump directory (def: /tmp/malware)
  -c : enable Cuckoo analysis

Adding a new feed
• RSS feeds - best option!
  ◦ One line of code
• HTML tables and delimited text (CSV) just need a regex
Several pending feeds. More suggestions welcome!

Storing the retrieved malware
• filesystem plus logging
• Some pickled data
• malwarehouse soon
• VxCage? maybe
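The pipeline the architecture, feed and storage slides sketch (pull URLs out of a feed with one regex, skip what has already been seen, save the blob with a little metadata), as an added example that is not Maltrieve's own code; the RSS feed, the example.* hosts, the payload bytes and the hash-named file layout are constructed for illustration.

```python
import hashlib
import json
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
# Constructed RSS feed standing in for a malware-URL feed; hosts are placeholders.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><description>URL: http://evil.example/a.exe</description></item>
<item><description>URL: http://evil.example/a.exe</description></item>
<item><description>URL: http://bad.example/b.bin</description></item>
</channel></rss>"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")  # the "one regex" a new feed needs

def urls_from_rss(xml_text):
    """Pull every http(s) URL out of the feed's item descriptions, deduplicated, order kept."""
    seen, out = set(), []
    for desc in ET.fromstring(xml_text).iterfind("./channel/item/description"):
        for url in URL_RE.findall(desc.text or ""):
            if url not in seen:
                seen.add(url)
                out.append(url)
    return out

def store_sample(dump_dir, source_url, payload, seen_hashes):
    """Write a retrieved blob under its SHA-256 with a JSON metadata sidecar.
    Returns the hash, or None when the same bytes were already stored."""
    digest = hashlib.sha256(payload).hexdigest()
    if digest in seen_hashes:
        return None
    dump = Path(dump_dir)
    dump.mkdir(parents=True, exist_ok=True)
    (dump / digest).write_bytes(payload)
    meta = {"sha256": digest, "source_url": source_url, "size": len(payload)}
    (dump / (digest + ".json")).write_text(json.dumps(meta))
    seen_hashes.add(digest)
    return digest

def run_demo():
    """Offline walk-through: parse the feed, store a constructed payload, skip its duplicate."""
    urls = urls_from_rss(SAMPLE_RSS)
    payload = b"MZ constructed sample bytes, not real malware"
    seen = set()
    with tempfile.TemporaryDirectory() as dump:
        first = store_sample(dump, urls[0], payload, seen)
        second = store_sample(dump, urls[1], payload, seen)  # same bytes, other URL
    return urls, first, second
```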
Cuckoo integration
Immediate dynamic analysis (thanks Bryan!) that can extract IOCs and other metadata

Future stuff
Bug fixes, duh!
Enabling actual research
Twitter integration
Community input...

thug integration
buffer.github.io/thug/
Low-interaction browser honeyclient
• Windows (2K/XP/7) • OS X • Android • Linux
• IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari
Adobe Reader and JRE plugin emulation as well

If you just want lots of data...
Maltrieve is about fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions @kylemaxwell