Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 25, 2013
Technology
1
150
Grabbing fresh evil bits: Maltrieve
Slightly updated presentation for BSidesNOLA
Kyle Maxwell
May 25, 2013
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
95
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
380
Hackertainment
krmaxwell
1
220
Threat Intelligence for Incident Response
krmaxwell
0
170
From Minion to Engineer
krmaxwell
0
110
Why XOR Crypto Sucks
krmaxwell
0
200
Open Source Threat Intelligence - Shakacon
krmaxwell
1
880
Secure Blogging
krmaxwell
0
140
Other Decks in Technology
See All in Technology
初心者に Vue.js を 教えるには
tsukuha
5
390
AIを駆使したゲーム開発戦略: 新設AI組織の取り組み / sge-ai-strategy
cyberagentdevelopers
PRO
1
130
スプリントゴールにチームの状態も設定する背景とその効果 / Team state in sprint goals why and impact
kakehashi
2
100
WINTICKETアプリで実現した高可用性と高速リリースを支えるエコシステム / winticket-eco-system
cyberagentdevelopers
PRO
1
190
pandasはPolarsに性能面で追いつき追い越せるのか
vaaaaanquish
4
4.6k
[JAWS-UG金沢支部×コンテナ支部合同企画]コンテナとは何か
furuton
3
260
Aurora_BlueGreenDeploymentsやってみた
tsukasa_ishimaru
1
130
Amazon_CloudWatch_ログ異常検出_導入ガイド
tsujiba
4
1.6k
事業者間調整の行間を読む 調整の具体事例
sugiim
0
1.5k
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
290k
Autify Company Deck
autifyhq
1
39k
【若手エンジニア応援LT会】AWSで繋がり、共に成長! ~コミュニティ活動と新人教育への挑戦~
kazushi_ohata
0
180
Featured
See All Featured
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Ruby is Unlike a Banana
tanoku
96
11k
The Cult of Friendly URLs
andyhume
78
6k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
What's new in Ruby 2.0
geeforr
342
31k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
228
52k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Fashionably flexible responsive web design (full day workshop)
malarkey
404
65k
Building Better People: How to give real-time feedback that sticks.
wjessup
363
19k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
41
2.1k
Scaling GitHub
holman
458
140k
Transcript
Grabbing fresh evil bits Maltrieve BSidesNOLA 2013-05-25 Happy Geek Pride
Day! @kylemaxwell technoskald.github.io
No Imperial entanglements. All opinions are my own.
What it's for technoskald.github.io/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Invoking maltrieve Command line: python maltrieve.py Options: -p : proxy
specification -l : log file -d : dump directory (def: /tmp/malware) -c : enable Cuckoo analysis
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
Future stuff Bug fixes, duh! Enabling actual research Twitter integration
Community input...
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions @kylemaxwell