Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 25, 2013
Technology
1
160
Grabbing fresh evil bits: Maltrieve
Slightly updated presentation for BSidesNOLA
Kyle Maxwell
May 25, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
100
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
430
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
180
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
940
入院医療費算定業務をAIで支援する:包括医療費支払い制度とDPCコーディング (公開版)
hagino3000
0
100
様々なファイルシステム
sat
PRO
0
230
ViteとTypeScriptのProject Referencesで 大規模モノレポのUIカタログのリリースサイクルを高速化する
shuta13
3
180
What's new in OpenShift 4.20
redhatlivestreaming
0
160
Biz職でもDifyでできる! 「触らないAIワークフロー」を実現する方法
igarashikana
7
3.1k
Building a cloud native business on open source
lizrice
0
170
頭部ふわふわ浄酔器
uyupun
0
110
会社を支える Pythonという言語戦略 ~なぜPythonを主要言語にしているのか?~
curekoshimizu
3
630
Observability for the system understanding and curious by developers
maruloop
1
510
今この時代に技術とどう向き合うべきか
gree_tech
PRO
2
2.2k
クラウドとリアルの融合により、製造業はどう変わるのか?〜クラスメソッドの製造業への取組と共に〜
hamadakoji
0
390
Featured
See All Featured
Facilitating Awesome Meetings
lara
57
6.6k
Designing for humans not robots
tammielis
254
26k
Code Reviewing Like a Champion
maltzj
526
40k
The Illustrated Children's Guide to Kubernetes
chrisshort
49
51k
How to Ace a Technical Interview
jacobian
280
24k
Rails Girls Zürich Keynote
gr2m
95
14k
Building an army of robots
kneath
305
46k
Navigating Team Friction
lara
190
15k
Bash Introduction
62gerente
615
210k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
116
20k
Designing Experiences People Love
moore
142
24k
The Language of Interfaces
destraynor
162
25k
Transcript
Grabbing fresh evil bits Maltrieve BSidesNOLA 2013-05-25 Happy Geek Pride
Day! @kylemaxwell technoskald.github.io
No Imperial entanglements. All opinions are my own.
What it's for technoskald.github.io/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Invoking maltrieve Command line: python maltrieve.py Options: -p : proxy
specification -l : log file -d : dump directory (def: /tmp/malware) -c : enable Cuckoo analysis
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
Future stuff Bug fixes, duh! Enabling actual research Twitter integration
Community input...
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions @kylemaxwell