ThreatPursuit VM- Threat Intelligence And Hunting Virtual Machine

ThreatPursuit VM
ThreatPursuit VM

MANDIANT THREAT INTELLIGENCE Virtual Machine (VM) Version 2020.1.

ThreatPursuit Virtual Machine (VM) is a fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

Features

  • Conduct hunting activities or missions
  • Create adversarial playbooks using evidence-based knowledge
  • Develop and apply a range of analytical products amongst datasets
  • Perform analytical pivoting across forensic artifacts and elements
  • Emulate advanced offensive security tradecraft
  • Enable situational awareness through intelligence sharing and reporting
  • Applied data science techniques & visualize clusters of symbolic data
  • Leverage open intelligence sources to provide unique insights for defense and offense.

Installation

Similar to FLARE-VM and Commando VM, it’s recommended to install ThreatPursuit VM in a virtual machine. The following is an overview of the minimal and recommended installation requirements.

Pre-Requisites

  • Google Chrome Browser
  • Oracle Java SE 11 or Greater

Requirements

  • Windows 10 1903
  • 120+ GB Hard Drive
  • 8+ GB RAM
  • 1 network adapters
  • 1024mb Graphics Card Memory
  • Enable Virtualization support for VM (Required for Docker)

Instructions

Standard install

  1. Create and configure a new Windows Virtual Machine
  2. Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain
  3. Take a snapshot of your machine!
  4. Download and copy install.ps1 on your newly configured machine.
  5. Open PowerShell as an Administrator
  6. Unblock the install file by running Unblock-File .\install.ps1
  7. Enable script execution by running Set-ExecutionPolicy Unrestricted -f
  8. Finally, execute the installer script as follows: .\install.ps1 You can also pass your password as an argument: .\install.ps1 -password The script will set up the Boxstarter environment and proceed to download and install the ThreatPursuit VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

Installed Softwares

Development, Analytics and Machine Learning

  • Shogun
  • Tensorflow
  • Pytorch
  • Rstudio
  • RTools
  • Darwin
  • Keras
  • Apache Spark
  • Elasticsearch
  • Kibana
  • Apache Zeppelin
  • Jupyter Notebook
  • MITRE Caret
  • Python (x64)

Visualisation

  • Constellation
  • Neo4J
  • CMAP

Triage, Modelling and Hunting

  • MISP
  • OpenCTI
  • Maltego
  • Splunk
  • MITRE ATT&CK Navigator
  • Greynoise API and GNQL
  • Threatcrowd API
  • Threatcmd
  • ViperMonkey
  • Threat Hunters Playbook
  • MITRE TRAM
  • SIGMA
  • YETI
  • Azure Zentinel
  • AMITT Framework

Adversarial Emulation

  • MITRE Calderra
  • Red Canary ATOMIC Red Team
  • MITRE Caltack Plugin
  • APTSimulator
  • FlightSim

Information Gathering

  • Maltego
  • nmap
  • intelmq
  • dnsrecon
  • orbit
  • FOCA

Utilities and Links

  • CyberChef
  • KeepPass
  • FLOSS
  • peview
  • VLC
  • AutoIt3
  • Chrome
  • OpenVPN
  • Sublime
  • Notepad++
  • Docker Desktop
  • HxD
  • Sysinternals
  • Putty

Download ThreatPursuit-VM

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

Tags from the story
More from Priyanshu Sahay

Microsoft Ends Support For Windows 7 on January 2020, What Next?

Microsoft is going to end support for Windows 7 After 10 years,...
Read More