Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 25, 2013
Technology
1
150
Grabbing fresh evil bits: Maltrieve
Slightly updated presentation for BSidesNOLA
Kyle Maxwell
May 25, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
97
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
400
Hackertainment
krmaxwell
1
220
Threat Intelligence for Incident Response
krmaxwell
0
170
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
880
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
20250328_OpenAI製DeepResearchは既に一種のAGIだと思う話
doradora09
PRO
0
150
グループポリシー再確認
murachiakira
0
160
LINE Notify互換のボットを作った話
kenichirokimura
0
170
ソフトウェア開発におけるインターフェイスという考え方 / PHPerKaigi 2025
k1low
9
3.9k
OPENLOGI Company Profile for engineer
hr01
1
22k
パスキー導入の課題と ベストプラクティス、今後の展望
ritou
7
1.2k
スケールアップ企業のQA組織のバリューを最大限に引き出すための取り組み
tarappo
4
930
Amazon Q Developer 他⽣成AIと⽐較してみた
takano0131
1
120
IAMのマニアックな話 2025 ~40分バージョン ~
nrinetcom
PRO
8
910
技術好きなエンジニアが _リーダーへの進化_ によって得たものと失ったもの / The Gains and Losses of a Tech-Enthusiast Engineer’s “Evolution into Leadership”
kaminashi
0
200
AI・LLM事業部のSREとタスクの自動運転
shinyorke
PRO
0
300
チームビルディング「脅威モデリング」ワークショップ
koheiyoshikawa
0
140
Featured
See All Featured
Building an army of robots
kneath
304
45k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
25k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7.1k
The Invisible Side of Design
smashingmag
299
50k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.2k
Reflections from 52 weeks, 52 projects
jeffersonlam
349
20k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
320
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
What's in a price? How to price your products and services
michaelherold
245
12k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
28
2k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Transcript
Grabbing fresh evil bits Maltrieve BSidesNOLA 2013-05-25 Happy Geek Pride
Day! @kylemaxwell technoskald.github.io
No Imperial entanglements. All opinions are my own.
What it's for technoskald.github.io/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Invoking maltrieve Command line: python maltrieve.py Options: -p : proxy
specification -l : log file -d : dump directory (def: /tmp/malware) -c : enable Cuckoo analysis
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
Future stuff Bug fixes, duh! Enabling actual research Twitter integration
Community input...
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions @kylemaxwell