Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Grabbing fresh evil bits: Maltrieve

Kyle Maxwell
May 04, 2013
Technology
0
230

Grabbing fresh evil bits: Maltrieve

BSides San Antonio - May 2013 - retrieving malware from sources

Kyle Maxwell

May 04, 2013
Tweet

More Decks by Kyle Maxwell

See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
95
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
380
Hackertainment
krmaxwell
1
220
Threat Intelligence for Incident Response
krmaxwell
0
170
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
200
Open Source Threat Intelligence - Shakacon
krmaxwell
1
880
Secure Blogging
krmaxwell
0
140

Other Decks in Technology

See All in Technology
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
300
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
600
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
190
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
340
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
4
240
SSMRunbook作成の勘所_20241120
koichiotomo
3
160
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
The Rise of LLMOps
asei
9
1.7k
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
130
Platform Engineering for Software Developers and Architects
syntasso
1
520
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110

Featured

See All Featured
Automating Front-end Workflow
addyosmani
1366
200k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
720
A Modern Web Designer's Workflow
chriscoyier
693
190k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
For a Future-Friendly Web
brad_frost
175
9.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Designing for humans not robots
tammielis
250
25k
Why Our Code Smells
bkeepers
PRO
334
57k

Transcript

  1. Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy

    Star Wars Day!

  2. No Imperial entanglements. All opinions are my own.

  3. What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources

    as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn

  4. Potted history Weekend side project that started as a set

    of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software

  5. Basic architecture Parallelized Python crawler with proxy support and good

    logging. If we haven't seen it before, get a little metadata and save it off

  6. Adding a new feed • RSS feeds - best option!

    ◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!

  7. Storing the retrieved malware • filesystem plus logging • Some

    pickled data • malwarehouse soon • VxCage? maybe

  8. Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract

    IOCs and other metadata

  9. thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •

    OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well

  10. If you just want lots of data... Maltrieve is about

    fresh evil bits. For lots and lots of evil bits, see VirusShare.com

  11. Ongoing development and questions