Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Grabbing fresh evil bits: Maltrieve

Kyle Maxwell
May 04, 2013
Technology
0
230

Grabbing fresh evil bits: Maltrieve

BSides San Antonio - May 2013 - retrieving malware from sources

Kyle Maxwell

May 04, 2013
Tweet

More Decks by Kyle Maxwell

See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
95
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
380
Hackertainment
krmaxwell
1
220
Threat Intelligence for Incident Response
krmaxwell
0
170
From Minion to Engineer
krmaxwell
0
110
Why XOR Crypto Sucks
krmaxwell
0
200
Open Source Threat Intelligence - Shakacon
krmaxwell
1
880
Secure Blogging
krmaxwell
0
140

Other Decks in Technology

See All in Technology
チームを主語にしてみる / Making "Team" the Subject
ar_tama
4
310
VPC間の接続方法を整理してみた #自治体クラウド勉強会
non97
1
850
Automated Promptingを目指すその前に / Before we can aim for Automated Prompting
rkaga
0
110
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
150
バクラクにおける可観測性向上の取り組み
yuu26
3
420
Datachain会社紹介資料(2024年11月) / Company Deck
datachain
3
16k
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
290k
[AWS JAPAN 生成AIハッカソン] Dialog の紹介
yoshimi0227
0
150
コンテンツを支える 若手ゲームクリエイターの アートディレクションの事例紹介 / cagamefi-game
cyberagentdevelopers
PRO
1
130
分布で見る効果検証入門 / ai-distributional-effect
cyberagentdevelopers
PRO
4
700
話題のGraphRAG、その可能性と課題を理解する
hide212131
4
1.5k
生成AIとAWS CDKで実現! 自社ブログレビューの効率化
ymae
2
330

Featured

See All Featured
Adopting Sorbet at Scale
ufuk
73
9k
Learning to Love Humans: Emotional Interface Design
aarron
272
40k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
790
Docker and Python
trallard
40
3.1k
Git: the NoSQL Database
bkeepers
PRO
425
64k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
41
2.1k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
A designer walks into a library…
pauljervisheath
202
24k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
What's new in Ruby 2.0
geeforr
342
31k

Transcript

  1. Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy

    Star Wars Day!

  2. No Imperial entanglements. All opinions are my own.

  3. What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources

    as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn

  4. Potted history Weekend side project that started as a set

    of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software

  5. Basic architecture Parallelized Python crawler with proxy support and good

    logging. If we haven't seen it before, get a little metadata and save it off

  6. Adding a new feed • RSS feeds - best option!

    ◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!

  7. Storing the retrieved malware • filesystem plus logging • Some

    pickled data • malwarehouse soon • VxCage? maybe

  8. Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract

    IOCs and other metadata

  9. thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •

    OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well

  10. If you just want lots of data... Maltrieve is about

    fresh evil bits. For lots and lots of evil bits, see VirusShare.com

  11. Ongoing development and questions