{"id":13845128,"url":"https://github.com/mandiant/ThreatPursuit-VM","last_synced_at":"2025-07-12T01:31:44.345Z","repository":{"id":37674582,"uuid":"296104714","full_name":"mandiant/ThreatPursuit-VM","owner":"mandiant","description":"Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.","archived":true,"fork":false,"pushed_at":"2023-06-01T13:37:21.000Z","size":165,"stargazers_count":1236,"open_issues_count":13,"forks_count":248,"subscribers_count":70,"default_branch":"master","last_synced_at":"2024-10-29T16:58:44.348Z","etag":null,"topics":["analytics","cyber","data-science","fireeye","intelligence","intelligence-analysis","malware","mandiant","threat","threathunting","threatintelligence","virtual-machine"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mandiant.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-16T17:40:19.000Z","updated_at":"2024-10-25T22:13:03.000Z","dependencies_parsed_at":"2024-07-30T14:18:55.680Z","dependency_job_id":null,"html_url":"https://github.com/mandiant/ThreatPursuit-VM","commit_stats":null,"previous_names":["fireeye/threatpursuit-vm"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mandiant/ThreatPursuit-VM","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FThreatPursuit-
VM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FThreatPursuit-VM/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FThreatPursuit-VM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FThreatPursuit-VM/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mandiant","download_url":"https://codeload.github.com/mandiant/ThreatPursuit-VM/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FThreatPursuit-VM/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923080,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analytics","cyber","data-science","fireeye","intelligence","intelligence-analysis","malware","mandiant","threat","threathunting","threatintelligence","virtual-machine"],"created_at":"2024-08-04T17:03:11.638Z","updated_at":"2025-07-12T01:31:43.871Z","avatar_url":"https://github.com/mandiant.png","language":"PowerShell","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"readme":"_______________________________________________________________________\n\n          __   __                         __      \n        _/  |_|  |_________  ____ _____ _/  |_    \n        \\   __|  |  \\_  __ _/ __ \\\\__  \\\\   __\\   \n         |  | |   Y  |  | \\\\  ___/ / __ \\|  |     \n         |__| |___|  |__|   \\___  (____  |__|     \n         ______  __ _________ ________ __|___/  |\n         \\____ \\|  
|  \\_  __ /  ___|  |  |  \\   __\\\n         |  |_\u003e |  |  /|  | \\\\___ \\|  |  |  ||  |\n         |   __/|____/ |__| /____  |____/|__||__|\n         |__|                    \\/\n\n                MANDIANT THREAT INTELLIGENCE VM\n                       Version 2020.1\n                  threatpursuit@fireeye.com\n_______________________________________________________________________\n\n                         Created by:\n                         Dan Kennedy\n                  Jake Barteaux @day1player\n              Blaine Stancill @MalwareMechanic\n                         Nhan Huynh\n          Front Line Advanced Research and Expertise\n\nPre-Requisites\n-----------\n\nGoogle Chrome Browser\n\nOracle Java SE 11 or Greater\n\nInstallation (Install Script)\n--------------\n\nRequirements\n-----------\n\n\nRecommended\n-----------\n\n* Windows 10 1903\n* 120+ GB Hard Drive\n* 8+ GB RAM\n* 1 network adapter\n* 1024 MB Graphics Card Memory\n* Enable Virtualization support for VM (Required for Docker)\n\nKnown Issues\n-----------\nUsing Oracle VirtualBox as the virtualisation software on a Windows 10 physical host will cause issues with the Docker install. There is currently no workaround other than using VMware Player or VMware Workstation.\n\n\nInstructions\n-----------\n\nStandard install\n\n1. Create and configure a new Windows Virtual Machine\n2. Ensure the VM is updated completely. You may have to check for updates, reboot, and check again until no more remain\n3. Take a snapshot of your machine!\n4. Download and copy install.ps1 onto your newly configured machine.\n5. Open PowerShell as an Administrator\n6. Unblock the install file by running Unblock-File .\\install.ps1\n7. Enable script execution by running Set-ExecutionPolicy Unrestricted -f\n8. 
Finally, execute the installer script as follows:\n.\\install.ps1\nYou can also pass your password as an argument: .\\install.ps1 -password \u003cpassword\u003e\nThe script will set up the Boxstarter environment and proceed to download and install the ThreatPursuit VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, pressing Enter when prompted will also work.\n\n\nInstalled Tools\n-----------\n\n### Development, Analytics and Machine Learning\n- Shogun\n- TensorFlow\n- PyTorch\n- RStudio\n- RTools\n- Darwin\n- Keras\n- Apache Spark\n- Elasticsearch\n- Kibana\n- Apache Zeppelin\n- Jupyter Notebook\n- MITRE Caret\n- Python (x64)\n\n### Visualisation\n\n- Constellation\n- Neo4J\n- CMAP\n\n### Triage, Modelling \u0026 Hunting\n\n- MISP\n- OpenCTI\n- Maltego\n- Splunk\n- Microsoft MSTIC Jupyter and Python Security Tools\n- MITRE ATT\u0026CK Navigator\n- Cortex Analyzer\n- Greynoise API and GNQL\n- threatcrowd API\n- threatcmd\n- ViperMonkey\n- Threat Hunters Playbook\n- MITRE TRAM\n- SIGMA\n- YETI\n- Azure Zentinel\n- AMITT Framework\n\n### Adversarial Emulation\n\n- MITRE Caldera\n- Red Canary ATOMIC Red Team\n- Mordor Re-play Adversarial Techniques\n- MITRE Caltack Plugin\n- APTSimulator\n- FlightSim\n\n\n### Information Gathering\n\n- Maltego\n- nmap\n- intelmq\n- dnsrecon\n- orbit\n- FOCA\n\n### Utilities and Links\n\n- CyberChef\n- KeePass\n- FLOSS\n- peview\n- VLC\n- AutoIt3\n- Chrome\n- OpenVPN\n- Sublime\n- Notepad++\n- Docker Desktop\n- HxD\n- Sysinternals\n- PuTTY\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandiant%2FThreatPursuit-VM","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmandiant%2FThreatPursuit-VM","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandiant%2FThreatPursuit-VM/lists"}