$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
240
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
430
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
190
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
知っていると得する!Movable Type 9 の新機能を徹底解説
masakah
0
240
コミューンのデータ分析AIエージェント「Community Sage」の紹介
fufufukakaka
0
320
Bakuraku Engineering Team Deck
layerx
PRO
12
6.6k
Playwright x GitHub Actionsで実現する「レビューしやすい」E2Eテストレポート
kinosuke01
0
190
Claude Code Getting Started Guide(en)
oikon48
0
170
.NET 10 のパフォーマンス改善
nenonaninu
2
4.9k
21st ACRi Webinar - Univ of Tokyo Presentation Slide (Ayumi Ohno)
nao_sumikawa
0
120
オープンデータの内製化から分かったGISデータを巡る行政の課題
naokim84
2
1.4k
グレートファイアウォールを自宅に建てよう
ctes091x
0
130
著者と読み解くAIエージェント現場導入の勘所 Lancers TechBook#2
smiyawaki0820
11
5.4k
【CEDEC+KYUSHU2025】学生・若手必見!テクニカルアーティスト 大全 ~仕事・スキル・キャリアパス、TAの「わからない」を徹底解剖~
cygames
PRO
0
130
Symfony AI in Action
el_stoffel
2
390
Featured
See All Featured
Practical Orchestrator
shlominoach
190
11k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.7k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8.3k
Site-Speed That Sticks
csswizardry
13
990
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
3k
Building Applications with DynamoDB
mza
96
6.8k
jQuery: Nuts, Bolts and Bling
dougneiner
65
8.1k
Leading Effective Engineering Teams in the AI Era
addyosmani
8
1.3k
Making the Leap to Tech Lead
cromwellryan
135
9.7k
The Cost Of JavaScript in 2023
addyosmani
55
9.3k
Git: the NoSQL Database
bkeepers
PRO
432
66k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
masakah
fufufukakaka
layerx
kinosuke01
oikon48
nenonaninu
nao_sumikawa
naokim84
ctes091x
smiyawaki0820
cygames
el_stoffel
shlominoach
wjessup
reverentgeek
aleyda
csswizardry
danielanewman
mza
dougneiner
addyosmani
cromwellryan
bkeepers
