FireEye has introduced ThreatPursuit Virtual Machine (VM), a new fully customizable, open-source Windows-based distribution aimed at threat intelligence analysis, hunting and malware triage.
The goal of ThreatPursuit is to provide a ready-made Windows environment that can be deployed on an analyst workstation and used for analysis straight away, with a broad range of tools preinstalled so that threat hunters can get up and running quickly.
"ThreatPursuit Virtual Machine (VM) is designed for intel and malware analysts as well as threat hunters to get up and running quickly," reads the FireEye blog post.
The VM comes with a broad range of tooling, including, but not limited to, threat analytics, statistics, visualization, threat hunting, malware triage, adversarial emulation, and threat modeling.
ThreatPursuit VM is built on the Chocolatey Windows package manager, so analysts can also install additional packages that are not included by default.
The blog post also shows a hunting dashboard that summarizes actor activity, the most active malware families and the most actively exploited vulnerabilities.
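Because the VM is provisioned with Chocolatey, extending it is a matter of scripting `choco`. The following PowerShell is an added example, not code from FireEye or the ThreatPursuit project: it installs a list of extra packages, tolerates the "reboot required" exit codes, pins each package so a later `choco upgrade all` cannot silently swap out a tool mid-investigation, and writes the resulting inventory to a file. The package names (`git`, `wireshark`, `7zip`) are illustrative Chocolatey community packages chosen here and are not part of the ThreatPursuit package list.

```powershell
# Added example: extend a ThreatPursuit VM with extra Chocolatey packages.
# Package names are illustrative assumptions, not ThreatPursuit's own list.
$packages = @('git', 'wireshark', '7zip')

# Chocolatey must already be on PATH (the VM is built with it).
if (-not (Get-Command choco -ErrorAction SilentlyContinue)) {
    throw 'Chocolatey (choco.exe) not found on PATH; run this inside the VM.'
}

foreach ($pkg in $packages) {
    # Exit code 0 = success; 1641 and 3010 = success but a reboot is pending.
    & choco install $pkg -y --no-progress
    if ($LASTEXITCODE -notin 0, 1641, 3010) {
        Write-Warning "Install of $pkg failed with exit code $LASTEXITCODE"
        continue
    }
    # Pin the package so 'choco upgrade all' leaves this tool version alone.
    & choco pin add -n=$pkg
}

# Record the installed-package inventory next to the analysis notes.
# On Chocolatey 2.x 'choco list' shows only local packages; on 1.x add --local-only.
& choco list | Out-File -FilePath "$env:USERPROFILE\Desktop\choco-inventory.txt"
```

Run it from an elevated PowerShell prompt; keeping the inventory file with the case notes makes it easy to document exactly which tool versions produced a given analysis result.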
Aim of this Distribution
- Conduct hunting activities or missions
- Create adversarial playbooks using evidence-based knowledge
- Develop and apply a range of analytical products amongst datasets
- Perform analytical pivoting across forensic artifacts and elements
- Emulate advanced offensive security tradecraft
- Enable situational awareness through intelligence sharing and reporting
- Apply data science techniques and visualize clusters of symbolic data
- Leverage open intelligence sources to provide unique insights for defense and offense
Development, Analytics, and Machine Learning
- Apache Spark
- Apache Zeppelin
- Jupyter Notebook
- MITRE CARET
- Python (x64)
Triage, Modelling & Hunting
- MITRE ATT&CK Navigator
- GreyNoise API and GNQL
- ThreatCrowd API
- Threat Hunter Playbook
- MITRE TRAM
- Azure Sentinel
- AMITT Framework
- MITRE CALDERA
- Red Canary Atomic Red Team
- MITRE Caltack Plugin
Utilities and Links
- Docker Desktop