Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
250
0
Share
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
450
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
210
From Minion to Engineer
krmaxwell
0
130
Why XOR Crypto Sucks
krmaxwell
0
220
Open Source Threat Intelligence - Shakacon
krmaxwell
1
900
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
サイバーフィジカル社会とは何か / What Is a Cyber-Physical Society?
ks91
PRO
0
160
ADOTで始めるサーバレスアーキテクチャのオブザーバビリティ
alchemy1115
2
270
数案件を同時に進行するためのコンテキスト整理術
sutetotanuki
1
190
Bluesky Meetup in Tokyo vol.4 - 2023to2026
shinoharata
0
150
NgRx SignalStore: The Power of Extensibility
rainerhahnekamp
0
200
今年60歳のおっさんCBになる
kentapapa
1
370
Hooks, Filters & Now Context: Why MCPs Are the “Hooks” of the AI Era
miriamschwab
0
130
建設的な現実逃避のしかた / How to practice constructive escapism
pauli
4
310
GitHub Copilotを極める会 - 開発者のための活用術
findy_eventslides
6
4k
シン・リスコフの置換原則 〜現代風に考えるSOLIDの原則〜
jinwatanabe
0
180
AI時代に新卒採用、はじめました/junior-engineer-never-die
dmnlk
0
240
AIエージェントを構築して感じた、AI時代のCDKとの向き合い方
smt7174
1
170
Featured
See All Featured
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
310
Raft: Consensus for Rubyists
vanstee
141
7.4k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.7k
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
790
Information Architects: The Missing Link in Design Systems
soysaucechin
0
870
VelocityConf: Rendering Performance Case Studies
addyosmani
333
25k
GitHub's CSS Performance
jonrohan
1032
470k
The Cost Of JavaScript in 2023
addyosmani
55
9.8k
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
760
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
1
1.2k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
93
Mind Mapping
helmedeiros
PRO
1
150
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
ks91
alchemy1115
sutetotanuki
shinoharata
rainerhahnekamp
kentapapa
miriamschwab
pauli
findy_eventslides
jinwatanabe
dmnlk
smt7174
tmiket
vanstee
thoeni
aleyda
soysaucechin
addyosmani
jonrohan
frankvandijk
akademiya2063
helmedeiros
