
Blue Team Training Toolkit (BT3) is designed for network analysis training sessions, incident response drills and red team engagements. Based on adversary replication techniques, and with reusability in mind, Blue Team Training Toolkit allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk.

Malware Indicator Profile

This training material produces the network indicators of a RatankbaPOS trojan requesting and downloading an update from its command-and-control (C2) server. The malware is attributed to the Lazarus Group, a North Korean APT actor.

This profile downloads a BT3 mockfile presented as an executable file, simulating the update requested by the malware.

Training Material Preview

This is what you can expect when using this training material during a training session or red team engagement.

  • IDS Alerts
    This section illustrates the IDS alerts produced by Snort with the Emerging Threats Open ruleset and the Snort Community ruleset. No alerts were triggered during a malware simulation with the Blue Team Training Toolkit. Please note that future ruleset updates may produce a different result.


  • Indicators of Compromise
    This section highlights the indicators of compromise generated by the training material.

  • Size
    The malware indicator profile has a size of 0.029 MB.
  • Reference
    The training material has been based on threat intelligence provided by this source.

Download Premium Training Materials with Content Credits

Premium training content can be downloaded by using pre-paid content credits directly from the BT3 API command line interface. By purchasing content credits, you get the most out of your cyber security training sessions, incident response drills and red team engagements.