Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
440
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
200
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
Data Hubグループ 紹介資料
sansan33
PRO
0
2.6k
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
64k
VRTと真面目に向き合う
hiragram
1
210
サラリーマンソフトウェアエンジニアのキャリア
yuheinakasaka
42
20k
The Engineer with a Three-Year Cycle
e99h2121
0
160
AI に「学ばせ、調べさせ、作らせる」。Auth0 開発を加速させる7つの実践的アプローチ
scova0731
0
330
スクラムを一度諦めたチームにアジャイルコーチが入ってどう変化したか / A Team's Second Try at Scrum with an Agile Coach
kaonavi
0
280
純粋なイミュータブルモデルを設計してからイベントソーシングと組み合わせるDeciderの実践方法の紹介 /Introducing Decider Pattern with Event Sourcing
tomohisa
1
1.3k
2026/01/16_実体験から学ぶ 2025年の失敗と対策_Progate Bar
teba_eleven
1
210
会社紹介資料 / Sansan Company Profile
sansan33
PRO
13
400k
20260114_データ横丁 新年LT大会:2026年の抱負
taromatsui_cccmkhd
0
360
Databricks Free Edition講座 データエンジニアリング編
taka_aki
0
2.7k
Featured
See All Featured
svc-hook: hooking system calls on ARM64 by binary rewriting
retrage
1
74
30 Presentation Tips
portentint
PRO
1
190
Embracing the Ebb and Flow
colly
88
5k
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
110
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
The World Runs on Bad Software
bkeepers
PRO
72
12k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
82
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
76
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
140
How to make the Groovebox
asonas
2
1.9k
Deep Space Network (abreviated)
tonyrice
0
35
Art, The Web, and Tiny UX
lynnandtonic
304
21k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
sansan33
hiragram
yuheinakasaka
e99h2121
scova0731
kaonavi
tomohisa
teba_eleven
taromatsui_cccmkhd
taka_aki
retrage
portentint
colly
nikkihalliwell
caitiem20
bkeepers
tmiket
codingconduct
tammyeverts
asonas
tonyrice
lynnandtonic
