BT3, Blue Team Training Toolkit, computer network defense analysis training, create realistic computer attack scenario

Blue Team Training Toolkit (BT3) is software for defensive security training. By creating a free BT3 subscription account, you get access to our training content library. From here, you can download both free and premium training content ready for use with the Blue Team Training Toolkit.

The training content library includes realistic network traffic related to a wide range of attacks, mock malware samples with hash collisions, as well as malware indicator profiles. Get the training content you need right at your fingertips!

The Blue Team Training Content Library has now been updated with several new mock files and malware indicator profiles.

Mock Files – New Additions

The following mock files have been added to the training library in February:

  • win_x86_msiexec
    Mimics a Windows x86 msiexec payload download and execution with MD5 hash collision.

Malware Indicator Profiles – New Additions

The following malware indicator profiles have been added to the training library in February:

  • chopstick_v1
    Produces network indicators related to a CHOPSTICK v1 backdoor performing module identification. CHOPSTICK is used by APT28, a Russian threat actor.
  • chopstick_v2
    Produces network indicators related to a CHOPSTICK v2 backdoor starting C2 communications. CHOPSTICK is used by APT28, a Russian threat actor.
  • datper
    Produces network indicators related to the Datper APT backdoor, which was used by the Tick threat actor against Japan and South Korea.
  • gofarer
    Produces network indicators related to the Gofarer downloader, which is used by the Tick APT group.
  • oldbait
    Produces network indicators related to the Oldbait credential harvester, which is used by APT28, a Russian threat actor.
  • powruner_1
    Produces network indicators related to the POWRUNER backdoor, which is used by APT34, an Iranian threat actor.
  • powruner_2
    Produces network indicators related to the POWRUNER backdoor. This profile simulates a shutdown response.