ThreatPursuit Virtual Machine

FireEye introduced a new, fully customizable, open-source Windows-based virtual machine dubbed ThreatPursuit Virtual Machine that primarily focuses on malware analysis and threat intelligence work.

The VM comes with a broad range of tools that enable threat hunters to get up and running quickly.

ThreatPursuit VM

The goal of ThreatPursuit is to provide a ready-made environment that can be installed on a Windows workstation and is immediately available for analysis.

"ThreatPursuit Virtual Machine (VM) is designed for intel and malware analysts as well as threat hunters to get up and running quickly," the FireEye blog post reads.

The VM comes with a broad range of tooling, including, but not limited to, threat analytics, statistics, visualization, threat hunting, malware triage, adversarial emulation, and threat modeling.

ThreatPursuit VM uses the Chocolatey Windows package manager, so malware analysts can also install additional packages that are not included by default.

The VM also includes a hunting interface that details actor activity, the most active malware families, and the most actively exploited vulnerabilities.

Aim of this Distribution

  • Conduct hunting activities or missions
  • Create adversarial playbooks using evidence-based knowledge
  • Develop and apply a range of analytical products amongst datasets
  • Perform analytical pivoting across forensic artifacts and elements
  • Emulate advanced offensive security tradecraft
  • Enable situational awareness through intelligence sharing and reporting
  • Apply data science techniques and visualize clusters of symbolic data
  • Leverage open intelligence sources to provide unique insights for defense and offense

Tools Included

Development, Analytics, and Machine Learning

  • Shogun
  • TensorFlow
  • PyTorch
  • RStudio
  • RTools
  • Darwin
  • Keras
  • Apache Spark
  • Elasticsearch
  • Kibana
  • Apache Zeppelin
  • Jupyter Notebook
  • MITRE CARET
  • Python (x64)

Visualization

  • Constellation
  • Neo4j
  • CMAP

Triage, Modelling & Hunting

  • MISP
  • OpenCTI
  • Maltego
  • Splunk
  • MITRE ATT&CK Navigator
  • GreyNoise API and GNQL
  • ThreatCrowd API
  • threatcmd
  • ViperMonkey
  • Threat Hunters Playbook
  • MITRE TRAM
  • Sigma
  • YETI
  • Azure Sentinel
  • AMITT Framework

Adversarial Emulation

  • MITRE CALDERA
  • Red Canary Atomic Red Team
  • MITRE Caltack Plugin
  • APTSimulator
  • FlightSim

Information Gathering

  • Maltego
  • nmap
  • IntelMQ
  • dnsrecon
  • orbit
  • FOCA

Utilities and Links

  • CyberChef
  • KeePass
  • FLOSS
  • PEview
  • VLC
  • AutoIt3
  • Chrome
  • OpenVPN
  • Sublime Text
  • Notepad++
  • Docker Desktop
  • HxD
  • Sysinternals
  • PuTTY
