Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Kyle Maxwell
May 04, 2013
Technology
250
0
Share
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
450
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
210
From Minion to Engineer
krmaxwell
0
130
Why XOR Crypto Sucks
krmaxwell
0
220
Open Source Threat Intelligence - Shakacon
krmaxwell
1
910
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
APIテストとは?
nagix
0
130
RubyでRuby拡張を書いたらRubyより35倍速になったってどういうこと??
kazuho
3
710
ポスター発表&デモと総括 / Poster Presentations & Demonstrations and Summary
ks91
PRO
0
150
OpenClawとHermesAgentでAI新入社員を作った話
takanoriyanada
0
140
AI とサービス・デザイン / AI and Service Design
ks91
PRO
0
180
long-running-tasks
cipepser
2
430
Amazon CloudFrontにおけるAIボットアクセス制御のポイント
kizawa2020
5
300
Claude Code x Accounting
kawaguti
PRO
1
340
JJUG CCC 2026 Spring AI時代の開発こそ標準化を武器に! ― 方式・プロセス・プラットフォームの標準化
s27watanabe
2
570
TROCCOで始めるクラウドコストを民主化するためのFinOps
tk3fftk
1
260
eBPF Can Do It! A 5-Minute Tour of 5 Real-World PHP Issues Solved with eBPF
egmc
0
320
Javaコミュニティをもっと楽しむための9箇条
takasyou
0
390
Featured
See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
28
3.5k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
1
2k
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
580
Speed Design
sergeychernyshev
33
1.7k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
350
Marketing to machines
jonoalderson
1
5.3k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
520
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
199
74k
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
180
Are puppies a ranking factor?
jonoalderson
1
3.4k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
nagix
kazuho
ks91
takanoriyanada
cipepser
kizawa2020
kawaguti
s27watanabe
tk3fftk
egmc
takasyou
eileencodes
tanoku
aleyda
inesmontani
sergeychernyshev
tmiket
jonoalderson
panda_program
honzajavorek
soudai
jdejongh
