Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Kyle Maxwell
May 25, 2013
Technology
170
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Grabbing fresh evil bits: Maltrieve
Slightly updated presentation for BSidesNOLA
Kyle Maxwell
May 25, 2013
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
120
Using Python to Fight Cybercrime
krmaxwell
2
240
Incident Patterns
krmaxwell
0
460
Hackertainment
krmaxwell
1
240
Threat Intelligence for Incident Response
krmaxwell
0
210
From Minion to Engineer
krmaxwell
0
140
Why XOR Crypto Sucks
krmaxwell
0
220
Open Source Threat Intelligence - Shakacon
krmaxwell
1
910
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
AIレビューはどこまで任せられるのか?自動化と人が背負うレビューの境界
sansantech
PRO
1
200
アカウントが増えてからでは遅い? ~ マルチアカウント統制の勘所 ~
kenichinakamura
0
220
オブザーバビリティ、本当に活用できてる? 〜API連携×生成AIで成熟度を自動評価〜
dmmsre
1
2.7k
Control Planeで育てるBtoB SaaSの認証基盤 - SRE NEXT 2026
pokohide
1
2.1k
AI Driven AI Governance
pict3
0
320
AI Agent SaaS を支える自社仮想化基盤への挑戦と実運用 / ai-agent-saas-virtualization
flatt_security
2
3.6k
AI駆動開発におけるQAエンジニアの役割事例 〜AI駆動開発の現場から〜
kobayashiyorimitsu
0
460
型は壁、Rustでもバグを直すな、表現できなくせよ
nwiizo
13
1.9k
NDIAS CTF 2026 問題解説会資料
bata_24
0
180
SRE Lounge Hiroshimaへの招待
grimoh
0
590
あなたの『Site』はどこですか? — xREという考え方
miyamu
0
1.2k
最適な自走を最小限の支援で — M&Aで拡大する組織で少人数SREが挑んだ1年 / SRE NEXT 2026
genda
0
900
Featured
See All Featured
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
1.5k
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.6k
Deep Space Network (abreviated)
tonyrice
0
220
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
360
BBQ
matthewcrist
89
10k
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
170
Are puppies a ranking factor?
jonoalderson
1
3.7k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.3k
Mobile First: as difficult as doing things right
swwweet
225
10k
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
6k
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
590
Building Applications with DynamoDB
mza
96
7.1k
Transcript
Grabbing fresh evil bits Maltrieve BSidesNOLA 2013-05-25 Happy Geek Pride
Day! @kylemaxwell technoskald.github.io
No Imperial entanglements. All opinions are my own.
What it's for technoskald.github.io/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Invoking maltrieve Command line: python maltrieve.py Options: -p : proxy
specification -l : log file -d : dump directory (def: /tmp/malware) -c : enable Cuckoo analysis
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
Future stuff Bug fixes, duh! Enabling actual research Twitter integration
Community input...
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions @kylemaxwell