Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Grabbing fresh evil bits: Maltrieve

Kyle Maxwell
May 04, 2013
Technology
0
240

Grabbing fresh evil bits: Maltrieve

BSides San Antonio - May 2013 - retrieving malware from sources

Kyle Maxwell

May 04, 2013
Tweet

More Decks by Kyle Maxwell

See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
97
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
410
Hackertainment
krmaxwell
1
220
Threat Intelligence for Incident Response
krmaxwell
0
170
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
880
Secure Blogging
krmaxwell
0
140

Other Decks in Technology

See All in Technology
ここはMCPの夜明けまえ
nwiizo
28
10k
Goの組織でバックエンドTypeScriptを採用してどうだったか / How was adopting backend TypeScript in a Golang company
kaminashi
6
6.4k
Dynamic Reteaming And Self Organization
miholovesq
3
580
React ABC Questions
hirotomoyamada
0
490
白金鉱業Meetup_Vol.18_AIエージェント時代のUI/UX設計
brainpadpr
1
170
LLM as プロダクト開発のパワードスーツ
layerx
PRO
1
240
意思決定を支える検索体験を目指してやってきたこと
hinatades
PRO
0
210
ブラウザのレガシー・独自機能を愛でる-Firefoxの脆弱性4選- / Browser Crash Club #1
masatokinugawa
1
490
アジャイル脅威モデリング#1(脅威モデリングナイト#8)
masakane55
3
230
AWSLambdaMCPServerを使ってツールとMCPサーバを分離する
tkikuchi
1
3.1k
Spring Bootで実装とインフラをこれでもかと分離するための試み
shintanimoto
7
860
AWSで作るセキュアな認証基盤with OAuth mTLS / Secure Authentication Infrastructure with OAuth mTLS on AWS
kaminashi
0
180

Featured

See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Agile that works and the tools we love
rasmusluckow
328
21k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
Producing Creativity
orderedlist
PRO
344
40k
Designing Experiences People Love
moore
141
24k
The Pragmatic Product Professional
lauravandoore
33
6.5k
Embracing the Ebb and Flow
colly
85
4.6k
Done Done
chrislema
183
16k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
12k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
40
7.2k
Optimising Largest Contentful Paint
csswizardry
36
3.2k

Transcript

  1. Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy

    Star Wars Day!

  2. No Imperial entanglements. All opinions are my own.

  3. What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources

    as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn

  4. Potted history Weekend side project that started as a set

    of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software

  5. Basic architecture Parallelized Python crawler with proxy support and good

    logging. If we haven't seen it before, get a little metadata and save it off

  6. Adding a new feed • RSS feeds - best option!

    ◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!

  7. Storing the retrieved malware • filesystem plus logging • Some

    pickled data • malwarehouse soon • VxCage? maybe

  8. Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract

    IOCs and other metadata

  9. thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •

    OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well

  10. If you just want lots of data... Maltrieve is about

    fresh evil bits. For lots and lots of evil bits, see VirusShare.com

  11. Ongoing development and questions