Blue Team Training Toolkit (BT3) is software for defensive security training. By creating a free BT3 subscription account, you get access to our training content library. From there, you can download both free and premium training content ready for use with the Blue Team Training Toolkit.

The training content library includes realistic network traffic related to a wide range of attacks, mock malware samples with hash collisions, as well as malware indicator profiles. Get the training content you need right at your fingertips!

The Blue Team Training Content Library has now been updated with several new PCAP files and malware indicator profiles.

Malware Indicator Profiles – New Additions

The following malware indicator profiles have been added to the training library in October:

  • anel
    Produces network indicators related to the ANEL APT backdoor, which was used in the ChessMaster campaign against government agencies in Japan.
  • anunak
    Produces network indicators related to Anunak APT malware, which is associated with criminal gangs of the Carbanak/FIN7 syndicate.
  • chches
    Produces network indicators related to the ChChes APT backdoor, which was used in the ChessMaster campaign.
  • htprat
    Produces network indicators related to htpRAT checking in to a command-and-control (C2) server.
  • ratankbapos
    Produces network indicators related to a RatankbaPOS trojan requesting and downloading an update from a C2 server. The profile downloads a BT3 mockfile as an executable file, simulating the update requested by the malware.

PCAP Files – New Additions

The following PCAP files have been added to the training library in October:

  • gandcrab_ransom
    Contains network traffic related to a Gandcrab ransomware infection.
  • gandcrab_ransom_v4
    Contains network traffic related to a Gandcrab ransomware version 4 infection.
  • trojan_dridex
    Contains network traffic related to a Dridex banking trojan infection.