Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
0
250
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
110
Using Python to Fight Cybercrime
krmaxwell
2
230
Incident Patterns
krmaxwell
0
440
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
200
From Minion to Engineer
krmaxwell
0
130
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
900
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
チームメンバー迷わないIaC設計
hayama17
5
3.8k
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
5
1.1k
LINE Messengerの次世代ストレージ選定
lycorptech_jp
PRO
19
7.4k
Bill One 開発エンジニア 紹介資料
sansan33
PRO
5
18k
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
3k
GitLab Duo Agent Platform + Local LLMサービングで幸せになりたい
jyoshise
0
120
メタデータ同期に潜んでいた問題 〜 Cache Stampede 時の Cycle Wait を⾒つけた話
lycorptech_jp
PRO
0
150
マネージャー版 "提案のレベル" を上げる
konifar
19
12k
「使いにくい」も「運用疲れ」も卒業する UIデザイナーとエンジニアが創る持続可能な内製開発
nrinetcom
PRO
1
780
us-east-1 に障害が起きた時に、 ap-northeast-1 にどんな影響があるか 説明できるようになろう!
miu_crescent
PRO
1
240
AI時代にエンジニアはどう成長すれば良いのか?
recruitengineers
PRO
1
140
Introduction to Sansan Meishi Maker Development Engineer
sansan33
PRO
0
360
Featured
See All Featured
The Invisible Side of Design
smashingmag
302
51k
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
68
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.2k
Skip the Path - Find Your Career Trail
mkilby
1
72
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.4k
Automating Front-end Workflow
addyosmani
1370
200k
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
94
How to Ace a Technical Interview
jacobian
281
24k
30 Presentation Tips
portentint
PRO
1
250
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
What's in a price? How to price your products and services
michaelherold
247
13k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions
krmaxwell
hayama17
oracle4engineer
lycorptech_jp
sansan33
jyoshise
konifar
nrinetcom
miu_crescent
recruitengineers
smashingmag
marketingsoph
ivargrimstad
mkilby
lauravandoore
tammyeverts
addyosmani
techseoconnect
jacobian
portentint
chriscoyier
michaelherold
