Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
100
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
420
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
180
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
生成AIによるデータサイエンスの変革
taka_aki
0
3.1k
AIは変更差分からユニットテスト_結合テスト_システムテストでテストすべきことが出せるのか?
mineo_matsuya
5
2.9k
Infrastructure as Prompt実装記 〜Bedrock AgentCoreで作る自然言語インフラエージェント〜
yusukeshimizu
2
170
プロダクトエンジニアリングで開発の楽しさを拡張する話
barometrica
0
220
Backlog AI アシスタントが切り開く未来
vvatanabe
1
170
九州の人に知ってもらいたいGISスポット / gis spot in kyushu 2025
sakaik
0
220
Claude Codeは仕様駆動の夢を見ない
gotalab555
23
7.3k
結局QUICで通信は速くなるの?
kota_yata
9
7.5k
2025新卒研修・Webアプリケーションセキュリティ #弁護士ドットコム
bengo4com
3
9.9k
第64回コンピュータビジョン勉強会@関東(後編)
tsukamotokenji
0
190
【OptimizationNight】数理最適化のラストワンマイルとしてのUIUX
brainpadpr
2
570
工業高校で学習したとあるエンジニアのキャリアの話
shirayanagiryuji
0
120
Featured
See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
139
34k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Visualization
eitanlees
146
16k
Intergalactic Javascript Robots from Outer Space
tanoku
272
27k
RailsConf 2023
tenderlove
30
1.2k
Into the Great Unknown - MozCon
thekraken
40
2k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.6k
A designer walks into a library…
pauljervisheath
207
24k
Making the Leap to Tech Lead
cromwellryan
134
9.5k
A Modern Web Designer's Workflow
chriscoyier
695
190k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.6k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
taka_aki
mineo_matsuya
yusukeshimizu
barometrica
vvatanabe
sakaik
gotalab555
kota_yata
bengo4com
tsukamotokenji
brainpadpr
shirayanagiryuji
eileencodes
wjessup
eitanlees
tanoku
tenderlove
thekraken
productmarketing
pauljervisheath
cromwellryan
chriscoyier
mongodb
malarkey
