Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Kyle Maxwell
May 04, 2013
Technology
250
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
120
Using Python to Fight Cybercrime
krmaxwell
2
240
Incident Patterns
krmaxwell
0
460
Hackertainment
krmaxwell
1
240
Threat Intelligence for Incident Response
krmaxwell
0
210
From Minion to Engineer
krmaxwell
0
140
Why XOR Crypto Sucks
krmaxwell
0
220
Open Source Threat Intelligence - Shakacon
krmaxwell
1
910
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
NDIAS CTF 2026 問題解説会資料
bata_24
0
180
LLMやAIエージェントをソフトウェアに組み込むプラクティス
shibuiwilliam
1
260
AI時代のエンジニアキャリアについて今一度考える
sakamoto_582
2
1.5k
AIと共生する開発者プラットフォーム:バクラクのモノレポ×マイクロサービス基盤
sakajunquality
2
3.2k
なぜ人は自分のプロジェクトを 「なんちゃってアジャイル」と 自嘲するのか
kozotaira
0
280
オブザーバビリティ、本当に活用できてる? 〜API連携×生成AIで成熟度を自動評価〜
dmmsre
1
2.7k
プライバシー保護の理論と実践
lycorptech_jp
PRO
1
250
Compose 新機能総まとめ / What's New in Jetpack Compose
yanzm
0
160
Foxgloveについて 実際にExtensionを開発して公開するまでの話 / About Foxglove: The Story of Developing and Releasing an Extension
ry0_ka
0
190
最適な自走を最小限の支援で — M&Aで拡大する組織で少人数SREが挑んだ1年 / SRE NEXT 2026
genda
0
900
CIで使うClaude
iwatatomoya
0
220
グローバルチームと挑むプロダクト開発
sansantech
PRO
1
170
Featured
See All Featured
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
Believing is Seeing
oripsolob
1
170
Making Projects Easy
brettharned
120
6.7k
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
460
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
220
Side Projects
sachag
455
43k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.8k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
Bash Introduction
62gerente
615
220k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
650
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.6k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions