Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 25, 2013
Technology
1
160
Grabbing fresh evil bits: Maltrieve
Slightly updated presentation for BSidesNOLA
Kyle Maxwell
May 25, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
100
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
430
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
180
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
空間を設計する力を考える / 20251004 Naoki Takahashi
shift_evolve
PRO
3
320
extension 現場で使えるXcodeショートカット一覧
ktombow
0
200
AI時代だからこそ考える、僕らが本当につくりたいスクラムチーム / A Scrum Team we really want to create in this AI era
takaking22
6
3k
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
11
77k
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
5.4k
"複雑なデータ処理 × 静的サイト" を両立させる、楽をするRails運用 / A low-effort Rails workflow that combines “Complex Data Processing × Static Sites”
hogelog
3
1.7k
BirdCLEF+2025 Noir 5位解法紹介
myso
0
190
Flaky Testへの現実解をGoのプロポーザルから考える | Go Conference 2025
upamune
1
400
AIが書いたコードをAIが検証する!自律的なモバイルアプリ開発の実現
henteko
1
330
Findy Team+のSOC2取得までの道のり
rvirus0817
0
310
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
160
自作LLM Native GORM Pluginで実現する AI Agentバックテスト基盤構築
po3rin
2
240
Featured
See All Featured
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Facilitating Awesome Meetings
lara
56
6.6k
Gamification - CAS2011
davidbonilla
81
5.5k
Automating Front-end Workflow
addyosmani
1371
200k
For a Future-Friendly Web
brad_frost
180
9.9k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
45
2.5k
The Cult of Friendly URLs
andyhume
79
6.6k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
850
Making Projects Easy
brettharned
119
6.4k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
Transcript
Grabbing fresh evil bits Maltrieve BSidesNOLA 2013-05-25 Happy Geek Pride
Day! @kylemaxwell technoskald.github.io
No Imperial entanglements. All opinions are my own.
What it's for technoskald.github.io/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Invoking maltrieve Command line: python maltrieve.py Options: -p : proxy
specification -l : log file -d : dump directory (def: /tmp/malware) -c : enable Cuckoo analysis
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
Future stuff Bug fixes, duh! Enabling actual research Twitter integration
Community input...
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions @kylemaxwell