Blue Team Training Toolkit (BT3) is software for defensive security training. By creating a free BT3 subscription account, you get access to our training content library. From here, you can download both free and premium training content ready for use with the Blue Team Training Toolkit.
The training content library includes realistic network traffic related to a wide range of attacks, mock malware samples with hash collisions, as well as malware indicator profiles. Get the training content you need right at your fingertips!
The Blue Team Training Content Library has now been updated with several new mock files and malware indicator profiles.
Mock Files – New Additions
The following mock files have been added to the training library in February:
- win_x86_keylogger_reverse_udp
Mimics a Windows x86 reverse UDP keylogger with an MD5 hash collision.
- win_x86_mimikatz
Mimics Windows x86 mimikatz with an MD5 hash collision.
- win_x86_msiexec
Mimics a Windows x86 msiexec payload download and execution with an MD5 hash collision.
- win_x86_url_download_file
Mimics a Windows x86 URL download to file and execution with an MD5 hash collision.
Malware Indicator Profiles – New Additions
The following malware indicator profiles have been added to the training library in February:
- chopstick_v1
Produces network indicators related to a CHOPSTICK v1 backdoor, including module identification. CHOPSTICK is used by APT28, a Russian threat actor.
- chopstick_v2
Produces network indicators related to a CHOPSTICK v2 backdoor starting C2 communications. CHOPSTICK is used by APT28, a Russian threat actor.
- datper
Produces network indicators related to the Datper APT backdoor, which was used by the Tick threat actor against Japan and South Korea.
- gofarer
Produces network indicators related to the Gofarer downloader, which is used by the Tick APT group.
- oldbait
Produces network indicators related to the Oldbait credential harvester, which is used by APT28, a Russian threat actor.
- powruner_1
Produces network indicators related to the POWRUNER backdoor, which is used by APT34, an Iranian threat actor.
- powruner_2
Produces network indicators related to the POWRUNER backdoor. The profile simulates a shutdown response.