mandiant / threatpursuit-vm

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

License: Other

PowerShell 98.63% AutoHotkey 1.31% Batchfile 0.06%
cyber threat threatintelligence threathunting intelligence intelligence-analysis data-science analytics malware virtual-machine

threatpursuit-vm's Introduction


      __   __                         __      
    _/  |_|  |_________  ____ _____ _/  |_    
    \   __|  |  \_  __ _/ __ \\__  \\   __\   
     |  | |   Y  |  | \\  ___/ / __ \|  |     
     |__| |___|  |__|   \___  (____  |__|     
     ______  __ _________ ________ __|___/  |
     \____ \|  |  \_  __ /  ___|  |  |  \   __\
     |  |_> |  |  /|  | \\___ \|  |  |  ||  |
     |   __/|____/ |__| /____  |____/|__||__|
     |__|                    \/

            MANDIANT THREAT INTELLIGENCE VM
                   Version 2020.1
              [email protected]

                     Created by:
                     Dan Kennedy
              Jake Barteaux @day1player
          Blaine Stancill @MalwareMechanic
                     Nhan Huynh
      Front Line Advanced Research and Expertise

Pre-Requisites

Google Chrome Browser

Oracle Java SE 11 or Greater

Installation (Install Script)

Requirements

Recommended

  • Windows 10 1903
  • 120+ GB Hard Drive
  • 8+ GB RAM
  • 1 network adapter
  • 1024 MB Graphics Card Memory
  • Enable Virtualization support for VM (Required for Docker)

Known Issues

Using Oracle VirtualBox as the virtualisation software on a Windows 10 physical host will cause issues with the Docker install. There is currently no workaround other than using VMware Player or VMware Workstation.

Instructions

Standard install

  1. Create and configure a new Windows Virtual Machine
  2. Ensure the VM is updated completely. You may have to check for updates, reboot, and check again until no more remain.
  3. Take a snapshot of your machine!
  4. Download and copy install.ps1 on your newly configured machine.
  5. Open PowerShell as an Administrator
  6. Unblock the install file by running Unblock-File .\install.ps1
  7. Enable script execution by running Set-ExecutionPolicy Unrestricted -f
  8. Finally, execute the installer script as follows: .\install.ps1
     You can also pass your password as an argument: .\install.ps1 -password

The script will set up the Boxstarter environment and proceed to download and install the ThreatPursuit VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

Installed Tools

Development, Analytics and Machine Learning

  • Shogun
  • TensorFlow
  • PyTorch
  • RStudio
  • RTools
  • Darwin
  • Keras
  • Apache Spark
  • Elasticsearch
  • Kibana
  • Apache Zeppelin
  • Jupyter Notebook
  • MITRE Caret
  • Python (x64)

Visualisation

  • Constellation
  • Neo4J
  • CMAP

Triage, Modelling & Hunting

  • MISP
  • OpenCTI
  • Maltego
  • Splunk
  • Microsoft MSTIC Jupyter and Python Security Tools
  • MITRE ATT&CK Navigator
  • Cortex Analyzer
  • Greynoise API and GNQL
  • threatcrowd API
  • threatcmd
  • ViperMonkey
  • Threat Hunters Playbook
  • MITRE TRAM
  • SIGMA
  • YETI
  • Azure Zentinel
  • AMITT Framework

Adversarial Emulation

  • MITRE Caldera
  • Red Canary ATOMIC Red Team
  • Mordor Re-play Adversarial Techniques
  • MITRE Caltack Plugin
  • APTSimulator
  • FlightSim

Information Gathering

  • Maltego
  • nmap
  • intelmq
  • dnsrecon
  • orbit
  • FOCA

Utilities and Links

  • CyberChef
  • KeePass
  • FLOSS
  • peview
  • VLC
  • AutoIt3
  • Chrome
  • OpenVPN
  • Sublime
  • Notepad++
  • Docker Desktop
  • HxD
  • Sysinternals
  • Putty

threatpursuit-vm's People

Contributors

itzdan

threatpursuit-vm's Issues

Failed to install firefox.fireeye

firefox.fireeye v2019.03.13.6
firefox.fireeye package files upgrade completed. Performing other installation steps.
Pinning C:\Program Files\Mozilla Firefox\firefox.exe to taskbar
Pinning C:\Program Files\Mozilla Firefox\firefox.exe to taskbar
Could not pin C:\Program Files\Mozilla Firefox\firefox.exe to the taskbar
Could not pin C:\Program Files\Mozilla Firefox\firefox.exe to the taskbar
The upgrade of firefox.fireeye was successful.

Consider adding IntelOwl to installed applications

Hi! First I would like to thank you for this project. It is really awesome.

Would you consider the addition of IntelOwl in the list of the pre-installed tools? IntelOwl can be useful for threat intel analysts and is complementary to other installed tools like OpenCTI or MISP. Thoughts?

quirus

Is this VM still under development?

Installation Problems

Hi,
There are a few fixes that need to be applied to the installation.
1) In the package attackcti.fireeye, in the chocolateyInstall.ps1 script, line 1 has a ' character that causes the script to fail.
2) In the package zeppelin.fireeye the hash does not match; the hash needs to be updated.

Kind regards,
Gal Miller

Error during installation


d----- 11/17/2020 11:01 ChocoCache


Command start time: 20201117111326


PS>TerminatingError(): "Exception calling "DeserializeObject" with "1" argument(s): "Invalid array passed in, ',' expected. (2524): { "packages": [ {"name": "jre8"}, {"name": "openjdk11"}, {"name": "elasticsearch.fireeye"}, {"name": "kibana.fireeye"}, {"name": "splunk.fireeye"}, {"name": "maltego.fireeye"}, {"name": "Constellation.fireeye"}, {"name": "googlechrome.fireeye"}, {"name": "r"}, {"name": "rtools"}, {"name": "dotnet4.7.2"}, {"name": "cmder.fireeye"}, {"name": "git"}, {"name": "adobereader.fireeye"}, {"name": "wireshark.fireeye"}, {"name": "cyberchef.flare"}, {"name": "firefox.fireeye"}, {"name": "python3"}, {"name": "tortoisesvn"}, {"name": "sysinternals.fireeye"}, {"name": "nmap.fireeye"}, {"name": "SublimeText3.fireeye"}, {"name": "autoit.fireeye"}, {"name": "ScreenToGif.fireeye"}, {"name": "putty.fireeye"}, {"name": "vlc.fireeye"}, {"name": "7zip"}, {"name": "Greenshot.fireeye"}, {"name": "winscp.fireeye"}, {"name": "keepass.fireeye"}, {"name": "vnc-viewer.fireeye"}, {"name": "shogun.fireeye"}, {"name": "spark.fireeye"}, {"name": "Jupyter.fireeye"}, {"name": "orbit.fireeye"}, {"name": "caldera.fireeye"}, {"name": "ctiattack.fireeye"}, {"name": "APTSimulator.fireeye"}, {"name": "flightsim.fireeye"}, {"name": "opencti.fireeye"}, {"name": "spiderfoot.fireeye"}, {"name": "yara.flare"}, {"name": "xorsearch.flare"}, {"name": "xorstrings.flare"}, {"name": "tor-browser.fireeye"}, {"name": "zeppelin.fireeye"}, {"name": "MISP.fireeye"}, {"name": "keras.fireeye"}, {"name": "darwin.fireeye"}, {"name": "msticpy.fireeye"}, {"name": "threathuntersplaybook.fireeye"}, {"name": "mordor.fireeye"}, {"name": "coretex.fireeye"}, {"name": "azurezentinel.fireeye"}, {"name": "greynoise.fireeye"}, {"name": "attackcti.fireeye"}, {"name": "taxiiclient.fireeye"}, {"name": "harpoon.fireeye"}, {"name": "ctipythonstix.fireeye"}, {"name": "yeti.fireeye"}, {"name": "cmaptools"}, {"name": "eqllib.fireeye"}, {"name": "bzar.fireeye"}, {"name": "msthreathunt.fireeye"}, {"name": 
"sigma.fireeye"}, {"name": "amittframework.fireeye"}, {"name": "hashcheck"}, {"name": "atomicredteam.fireeye"} {"name": "atomictestharness.fireeye"} {"name": "neo4j-community.fireeye", "x64Only": true}, {"name": "peview.flare"}, {"name": "notepadplusplus", "args": "--x86"}, {"name": "notepadplusplus-textfx.fireeye"}, {"name": "hxd.fireeye"}, {"name": "SilkETW.fireeye"}, {"name": "unxUtils"}, {"name": "flare-floss.fireeye"}, {"name": "gowitness.fireeye","x64Only": true}, {"name": "dnsrecon.fireeye"}, {"name": "FOCA.fireeye"}, {"name": "docker.fireeye"}, {"name": "chromebookmarkstpvm.fireeye"}, {"name": "shortcutstpvm.fireeye"}, {"name": "openvpn.fireeye", "args":"--parameters '/SELECT_SHORTCUTS=0 /SELECT_LAUNCH=0'"} ] }""
Packages property not found! Exiting
-1
DEBUG: ----------------------------------------------------------------------

README.md & Tool classification

Hello,

Thank you very much for this project! I am in the process of installing it and everything seems to be working fine.

The question I ask myself concerns the classification of the tools present in the README.md.

Why is the "Elasticsearch" tool present in the "Development, Analytics and Machine Learning" category and not in the "Triage, Modeling & Hunting" category?

Elasticsearch (with Kibana) can be an Open Source alternative to Splunk for the triage process, right?

The other problem is the classification of the "MISP" tool.
For OpenCTI I agree with you (this one allowing to make victimology) to classify it in "Modeling".

Now regarding MISP, I don't see in any way what it does in "Triage, Modeling & Hunting":

  • The MISP correlation engine does not work when there are too many IOCs, in other words unusable.
  • MISP only runs on relational databases, which makes the "Triage" part complicated.

MISP only serves as a base for storing and sharing IOCs in a compliant way. By serving as a database and sharing IOCs, I do not see where MISP allows to do any step of "Triage, Modeling & Hunting".

Regarding "Coretex Analyzer", there is a small typo.

Best regards,

Failed to install syspin

Download of syspin.exe (19 KB) completed.
Error - hashes do not match. Actual value was '07D6C3A19A8E3E243E9545A41DD30A9EE1E9AD79CDD6D446C229D689E5AB574A'.
ERROR: Checksum for 'C:\ProgramData\chocolatey\lib\syspin\tools\syspin.exe' did not meet 'a6967e7a3c2251812dd6b3fa0265fb7b61aadc568f562a98c50c345908c6e827' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The upgrade of syspin was NOT successful.

Error Installing

I got this error.

threatpursuit.win10.preconfig.fireeye is not installed. Installing...
[NuGet] Error downloading 'threatpursuit.win10.preconfig.fireeye.0.1.0' from 'https://www.myget.org/F/fireeye/api/v2/package/threatpursuit.win10.preconfig.fireeye/0.1'.
[NuGet] An error occurred while sending the request.
[NuGet]   Unable to connect to the remote server
[NuGet]   No connection could be made because the target machine actively refused it 117.18.232.200:443
[NuGet] Error downloading 'threatpursuit.win10.preconfig.fireeye.0.1.0' from 'https://www.myget.org/F/fireeye/api/v2/package/threatpursuit.win10.preconfig.fireeye/0.1'.
[NuGet] An error occurred while sending the request.
[NuGet]   Unable to connect to the remote server
[NuGet]   No connection could be made because the target machine actively refused it 117.18.232.200:443

Is the server okay?

Failed to install zeppelin.fireeye

zeppelin.fireeye v0.9.1
zeppelin.fireeye package files upgrade completed. Performing other installation steps.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
Error - hashes do not match. Actual value was '9032F631445B41FF83E4542D745D0CB933698AA57F5099B07589B96656C645B2'.
Downloading zeppelin.fireeye
from 'https://github.com/apache/zeppelin/archive/v0.9.0-docker.zip'

Error - hashes do not match. Actual value was '9032F631445B41FF83E4542D745D0CB933698AA57F5099B07589B96656C645B2'.
ERROR: Checksum for 'C:\Users\myadmin\AppData\Local\ChocoCache\zeppelin.fireeye\0.9.1\zeppelin-0.9.0-docker.zip' did not meet 'BA62B9AD3BF2EFE3988BA0C2162C75CCF64F975AC22D413DD2A8DF0A968D98D8' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The upgrade of zeppelin.fireeye was NOT successful.

Failures

  • zeppelin.fireeye (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\zeppelin.fireeye\Tools\chocolateyInstall.ps1'.

Failed to install SublimeText3.fireeye

Download of syspin.exe (19 KB) completed.
Error - hashes do not match. Actual value was '07D6C3A19A8E3E243E9545A41DD30A9EE1E9AD79CDD6D446C229D689E5AB574A'.
ERROR: Checksum for 'C:\ProgramData\chocolatey\lib\syspin\tools\syspin.exe' did not meet 'a6967e7a3c2251812dd6b3fa0265fb7b61aadc568f562a98c50c345908c6e827' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The upgrade of syspin was NOT successful.

SublimeText3.fireeye v2019.03.13.5
sublimetext3.fireeye package files upgrade completed. Performing other installation steps.
Pinning C:\Program Files\Sublime Text 3\sublime_text.exe to taskbar
Pinning C:\Program Files\Sublime Text 3\sublime_text.exe to taskbar
Could not pin C:\Program Files\Sublime Text 3\sublime_text.exe to the taskbar
Could not pin C:\Program Files\Sublime Text 3\sublime_text.exe to the taskbar
The upgrade of sublimetext3.fireeye was successful.
Software install location not explicitly set, could be in package or
default install location if installer.

Failed to install azurezentinel.fireeye

azurezentinel.fireeye is not installed. Installing...
azurezentinel.fireeye not installed. The package was not found with the source(s) listed.
If you specified a particular version and are receiving this message, it is possible that the package name exists but the version does not.
Version: ""
Source(s): "https://www.myget.org/F/fireeye/api/v2;https://chocolatey.org/api/v2/"

Chocolatey upgraded 0/1 packages. 1 packages failed.

Failures

  • azurezentinel.fireeye - azurezentinel.fireeye not installed. The package was not found with the source(s) listed.
    If you specified a particular version and are receiving this message, it is possible that the package name exists but the version does not.
    Version: ""
    Source(s): "https://www.myget.org/F/fireeye/api/v2;https://chocolatey.org/api/v2/"

Caldera - won't start, different from Github

I've just installed TP on a Win 10 Enterprise VM (from MS) on VirtualBox.

Tried to run Caldera, but the Python packages weren't installed, so I installed them.

Then running server.py:
PS C:\Tools\Caldera > python .\server.py
DEBUG:root:Agents will be considered untrusted after 60 seconds of silence
DEBUG:root:Uploaded files will be put in /tmp
DEBUG:root:Serving at http://0.0.0.0:8888
DEBUG:data_svc:There are 0 jobs in the scheduler
ERROR:app_svc:Problem locating the "compass" plugin. Ensure CALDERA was cloned recursively.

When I cloned Caldera from Github, that folder is 153MB. The TP one is only 5MB.

Am I missing something?

Missing Packages

Few missing packages not ported from dev feed to prod feed.

  • Mordor Threat data sets
  • Cortex Analyzer
  • Microsoft MSTIC Jupyter and Python Security Tools
  • Azure Zentinel Playbooks
  • Greynoise GQNL

Failed to install python3

python3

You have python3 v3.7.9 installed. Version 3.9.1 is available based on your source(s).
python3 not upgraded. An error occurred during installation:
Updating 'python3 3.7.9' to 'python3 3.9.1' failed. Unable to find a version of 'libraries.python2.fireeye' that is compatible with 'python3 3.9.1'.

Failures

  • python3 (exited 1) - python3 not upgraded. An error occurred during installation:
    Updating 'python3 3.7.9' to 'python3 3.9.1' failed. Unable to find a version of 'libraries.python2.fireeye' that is compatible with 'python3 3.9.1'.

Splunk Password

Hello

I'm trying to find the splunk password used when splunk was installed, I've looked for %TEMP%\slunk.log but it doesn't exist.

All the Best

Successful Installation Indication

How do you know if everything installed correctly?

Is there a log file somewhere?

Are there any additional steps after the ps1 script completes?

Failed to install Greenshot.fireeye

Greenshot.fireeye v2019.03.13.5
greenshot.fireeye package files upgrade completed. Performing other installation steps.
Pinning C:\Program Files\Greenshot\Greenshot.exe to taskbar
Pinning C:\Program Files\Greenshot\Greenshot.exe to taskbar
Could not pin C:\Program Files\Greenshot\Greenshot.exe to the taskbar
Could not pin C:\Program Files\Greenshot\Greenshot.exe to the taskbar
The upgrade of greenshot.fireeye was successful.

Failures

  • syspin (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\syspin\tools\chocolateyInstall.ps1'.

Using a Linux Workstation Using VirtualBox/VMWare

Has anyone using a Linux workstation tried to install ThreatPursuit on either VMware Workstation Pro or VirtualBox? I have tried to follow the instructions exactly, but I always encounter an issue with the Docker install. For anyone with success, I would really appreciate any advice.

Userid and passwords

Hi,
Is there a document that lists the userid and passwords for the tools? I tried logging in to Splunk but I don't seem to have the userid and password.

Failed to install maltego.fireeye, ctiattack.fireeye, zeppelin.fireeye

Failed to install maltego.fireeye, ctiattack.fireeye and zeppelin.fireeye during the installation phase. I double-checked with the choco command as well. Please find the following error log.

  • maltego.fireeye
PS C:\Windows\system32 > choco install maltego.fireeye --source="https://www.myget.org/F/fireeye/api/v2;https://chocolatey.org/api/v2"
Chocolatey v1.2.0
Installing the following packages:
maltego.fireeye
By installing, you accept licenses for the packages.
Progress: Downloading maltego.fireeye 3.4... 100%

maltego.fireeye v3.4
maltego.fireeye package files install completed. Performing other installation steps.
Attempt to get headers for https://www.paterva.com/malv428/MaltegoSetup.v4.2.8.12786.exe failed.
  The remote file either doesn't exist, is unauthorized, or is forbidden for url 'https://www.paterva.com/malv428/MaltegoSetup.v4.2.8.12786.exe'. Exception calling "GetResponse" with "0" argument(s): "The operation has timed out"
Downloading maltego.fireeye
  from 'https://www.paterva.com/malv428/MaltegoSetup.v4.2.8.12786.exe'
ERROR: The remote file either doesn't exist, is unauthorized, or is forbidden for url 'https://www.paterva.com/malv428/MaltegoSetup.v4.2.8.12786.exe'. Exception calling "GetResponse" with "0" argument(s): "The operation has timed out"
The install of maltego.fireeye was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\maltego.fireeye\tools\chocolateyinstall.ps1'.
 See log for details.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - maltego.fireeye (exited 404) - Error while running 'C:\ProgramData\chocolatey\lib\maltego.fireeye\tools\chocolateyinstall.ps1'.
 See log for details.
  • ctiattack.fireeye
PS C:\Windows\system32 > choco install ctiattack.fireeye --source="https://www.myget.org/F/fireeye/api/v2;https://chocolatey.org/api/v2"
Chocolatey v1.2.0
Installing the following packages:
ctiattack.fireeye
By installing, you accept licenses for the packages.
Progress: Downloading ctiattack.fireeye 6.3... 100%

ctiattack.fireeye v6.3
ctiattack.fireeye package files install completed. Performing other installation steps.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
Error - hashes do not match. Actual value was '10E25B8A629F71953BC7615D69842CB38FC1941617BC9529D37ABFD79E164CDD'.
Downloading ctiattack.fireeye
  from 'https://github.com/microsoft/msticpy/archive/v0.7.0.zip'

Download of msticpy-0.7.0.zip (-1 B) completed.
Error - hashes do not match. Actual value was '10E25B8A629F71953BC7615D69842CB38FC1941617BC9529D37ABFD79E164CDD'.
ERROR: Checksum for 'C:\Users\john\AppData\Local\Temp\ctiattack.fireeye\6.3\msticpy-0.7.0.zip' did not meet '1f76f6edb819a7d3277cb2b3ec588129d9cb89af4d5417b7ac3b906b346776f7' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The install of ctiattack.fireeye was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\ctiattack.fireeye\Tools\chocolateyInstall.ps1'.
 See log for details.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - ctiattack.fireeye (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\ctiattack.fireeye\Tools\chocolateyInstall.ps1'.
 See log for details.

$ shasum -a 256 ~/Downloads/zeppelin-0.9.0-docker.zip 
6b815830e6734bb5194c1ea70a0d92512791f6600dcf0f6b6d2666559d7179f0  /Users/jamesyu.nakamura/Downloads/zeppelin-0.9.0-docker.zip
/Volumes/hoge2/Do_Not_Scan/work/mpr22-729 % wget https://github.com/microsoft/msticpy/archive/v0.7.0.zip
--2022-11-19 09:09:38--  https://github.com/microsoft/msticpy/archive/v0.7.0.zip
Resolving github.com (github.com)... 20.27.177.113
Connecting to github.com (github.com)|20.27.177.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/microsoft/msticpy/zip/refs/tags/v0.7.0 [following]
--2022-11-19 09:09:38--  https://codeload.github.com/microsoft/msticpy/zip/refs/tags/v0.7.0
Resolving codeload.github.com (codeload.github.com)... 20.27.177.114
Connecting to codeload.github.com (codeload.github.com)|20.27.177.114|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8292321 (7.9M) [application/zip]
Saving to: ‘v0.7.0.zip’

v0.7.0.zip                              100%[=============================================================================>]   7.91M  20.0MB/s    in 0.4s    

2022-11-19 09:09:39 (20.0 MB/s) - ‘v0.7.0.zip’ saved [8292321/8292321]

$ shasum -a 256 v0.7.0.zip
10e25b8a629f71953bc7615d69842cb38fc1941617bc9529d37abfd79e164cdd  v0.7.0.zip
  • zeppelin.fireeye
PS C:\Windows\system32 > choco install zeppelin.fireeye --source="https://www.myget.org/F/fireeye/api/v2;https://chocolatey.org/api/v2"
Chocolatey v1.2.0
Installing the following packages:
zeppelin.fireeye
By installing, you accept licenses for the packages.
Progress: Downloading zeppelin.fireeye 0.9.2... 100%

zeppelin.fireeye v0.9.2
zeppelin.fireeye package files install completed. Performing other installation steps.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
Error - hashes do not match. Actual value was '6B815830E6734BB5194C1EA70A0D92512791F6600DCF0F6B6D2666559D7179F0'.
Downloading zeppelin.fireeye
  from 'https://github.com/apache/zeppelin/archive/v0.9.0-docker.zip'

Download of zeppelin-0.9.0-docker.zip (-1 B) completed.
Error - hashes do not match. Actual value was '6B815830E6734BB5194C1EA70A0D92512791F6600DCF0F6B6D2666559D7179F0'.
ERROR: Checksum for 'C:\Users\john\AppData\Local\Temp\zeppelin.fireeye\0.9.2\zeppelin-0.9.0-docker.zip' did not meet '9032f631445b41ff83e4542d745d0cb933698aa57f5099b07589b96656c645b2' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The install of zeppelin.fireeye was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\zeppelin.fireeye\Tools\chocolateyInstall.ps1'.
 See log for details.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - zeppelin.fireeye (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\zeppelin.fireeye\Tools\chocolateyInstall.ps1'.
 See log for details.

Enjoy using Chocolatey? Explore more amazing features to take your
experience to the next level at
 https://chocolatey.org/compare

$ wget https://github.com/apache/zeppelin/archive/v0.9.0-docker.zip
--2022-11-19 09:12:47--  https://github.com/apache/zeppelin/archive/v0.9.0-docker.zip
Resolving github.com (github.com)... 20.27.177.113
Connecting to github.com (github.com)|20.27.177.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/apache/zeppelin/zip/refs/tags/v0.9.0-docker [following]
--2022-11-19 09:12:47--  https://codeload.github.com/apache/zeppelin/zip/refs/tags/v0.9.0-docker
Resolving codeload.github.com (codeload.github.com)... 20.27.177.114
Connecting to codeload.github.com (codeload.github.com)|20.27.177.114|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: ‘v0.9.0-docker.zip’

v0.9.0-docker.zip                           [              <=>                                                             ]  43.92M  15.1MB/s    in 2.9s    

2022-11-19 09:12:50 (15.1 MB/s) - ‘v0.9.0-docker.zip’ saved [46056606]

/$ shasum -a 256 v0.9.0-docker.zip                                  
6b815830e6734bb5194c1ea70a0d92512791f6600dcf0f6b6d2666559d7179f0  v0.9.0-docker.zip

MITRE TRAM

Hey

Was looking for MITRE TRAM in ThreatPursuit but couldn't find any sign of it or mentions of it in the packages. Am I missing something obvious or is it not currently being installed? Cheers

Caldera issue

When I run the file server.py, I get the error below:
PS C:\Tools\Caldera > python .\server.py
Traceback (most recent call last):
File "C:\Tools\Caldera\server.py", line 7, in
import yaml
ModuleNotFoundError: No module named 'yaml'
THREATPURSUIT 8/11/2021 3:05:09 PM

Powershell error - string escape

The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass

`PS C:\Users\FR\Desktop> .\install.ps1
At C:\Users\FR\Desktop\install.ps1:168 char:21
+             Sign&nbsp;up
+                 ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
At C:\Users\FR\Desktop\install.ps1:195 char:190
+ ... ata-ga-click="(Logged out) Header, go to Features">Features <span cla ...
+                                                             ~
The '<' operator is reserved for future use.
At C:\Users\FR\Desktop\install.ps1:195 char:261
+ ... ="Bump-link-symbol float-right text-normal text-gray-light">→</s ...
+                                                             ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
At C:\Users\FR\Desktop\install.ps1:209 char:255
+ ... ogged out) Header, go to Customer stories">Customer stories <span cla ...
+                                                             ~
The '<' operator is reserved for future use.
At C:\Users\FR\Desktop\install.ps1:209 char:326
+ ... ="Bump-link-symbol float-right text-normal text-gray-light">→</s ...
+                                                             ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
At C:\Users\FR\Desktop\install.ps1:210 char:231
+ ... ata-ga-click="(Logged out) Header, go to Security">Security <span cla ...
+                                                             ~
The '<' operator is reserved for future use.
At C:\Users\FR\Desktop\install.ps1:210 char:302
+ ... ="Bump-link-symbol float-right text-normal text-gray-light">→</s ...
+                                                             ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
At C:\Users\FR\Desktop\install.ps1:233 char:222
+ ... a-click="(Logged out) Header, go to Explore">Explore GitHub <span cla ...
+                                                             ~
The '<' operator is reserved for future use.
At C:\Users\FR\Desktop\install.ps1:233 char:293
+ ... ="Bump-link-symbol float-right text-normal text-gray-light">→</s ...
+                                                             ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
At C:\Users\FR\Desktop\install.ps1:236 char:107
+ ... text-normal text-mono f5 mb-2 border-lg-top pt-lg-3">Learn & con ...
+                                                             ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
Not all parse errors were reported. Correct the reported errors and try again.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : AmpersandNotAllowed`
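
The parse errors quoted above show HTML markup inside install.ps1, and the earlier "Installation Problems" issue reports a stray ' on line 1 of a chocolateyInstall.ps1; both conditions can be detected without executing anything. The PowerShell below is an added example, not code from the ThreatPursuit repository: the function name Test-ScriptBeforeRun is hypothetical and all three sample inputs are constructed.

```powershell
# Added example (not part of the ThreatPursuit repository): inspect a script
# without running it. All sample inputs below are constructed for illustration.

function Test-ScriptBeforeRun {
    param(
        [Parameter(Mandatory)][string]$Content,
        [string]$Name = 'inline sample'
    )

    # A web page saved under a .ps1 name starts with markup, not PowerShell.
    $looksLikeHtml = $Content -match '^\s*(<!DOCTYPE\s+html|<html\b)'

    # ParseInput only builds the syntax tree and collects errors; no code runs.
    $parser = [System.Management.Automation.Language.Parser]
    $tokens = $null
    $errors = $null
    [void]$parser::ParseInput($Content, [ref]$tokens, [ref]$errors)
    $errorList = @($errors)

    [pscustomobject]@{
        Name          = $Name
        LooksLikeHtml = $looksLikeHtml
        ParseErrors   = $errorList.Count
        FirstErrors   = @($errorList | Select-Object -First 3 | ForEach-Object {
            'line {0} col {1}: {2}' -f $_.Extent.StartLineNumber,
                                       $_.Extent.StartColumnNumber,
                                       $_.Message
        })
        # Parsing cleanly says nothing about what the script does once it runs.
        ParsesCleanly = (-not $looksLikeHtml) -and ($errorList.Count -eq 0)
    }
}

# Constructed sample 1: an HTML page saved as if it were the script.
$htmlSaved = @'
<!DOCTYPE html>
<html lang="en">
  <a href="/join">Sign&nbsp;up</a>
</html>
'@

# Constructed sample 2: a script with a stray quote at the start of line 1.
$strayQuote = @'
'$ErrorActionPreference = 'Stop'
Write-Host "installing"
'@

# Constructed sample 3: a well-formed script.
$clean = @'
param([string]$password)
Write-Host "Starting install"
'@

@(
    Test-ScriptBeforeRun -Name 'saved HTML page' -Content $htmlSaved
    Test-ScriptBeforeRun -Name 'stray quote'     -Content $strayQuote
    Test-ScriptBeforeRun -Name 'clean script'    -Content $clean
) | Format-List

# Against a real download, read the file as one string first:
#   Test-ScriptBeforeRun -Name 'install.ps1' -Content (Get-Content -Raw -LiteralPath .\install.ps1)
```

Running the check before Unblock-File and Set-ExecutionPolicy keeps a bad download from ever reaching an elevated prompt.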

[IMPROVEMENT] Additional Open Source packages

Hi,
This VM is a very smart idea. Congratulations on your great work!

My 2 cents for improvements:

  • You did include analyzers and responders, but they are quite useless without their front-end and back-end
  • Hence, you should install TheHive and Cortex in addition to the Cortex-Analyzers
   git pull https://github.com/TheHive-Project/TheHive
   git pull https://github.com/TheHive-Project/Cortex
  • You should include Watcher, a good tool to monitor typo-squatting domains and their changes (IP, content, etc.)
git pull https://github.com/thalesgroup-cert/Watcher

These 3 software packages have Docker capabilities, which matches your model, like MISP and OpenCTI.

Kind regards,

Failed to install ctiattack.fireeye

ctiattack.fireeye v6.2
ctiattack.fireeye package files upgrade completed. Performing other installation steps.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
Error - hashes do not match. Actual value was 'F76B9066F9230859D63BF822999E818E7313CC9BA997AD1A63CD86CB009143D48D99C08BB3E46E1C9F4F2113D1906FF3601B2BC3B90A1DB78CF7BC1C394BD45A'.
Downloading ctiattack.fireeye
from 'https://github.com/microsoft/msticpy/archive/v0.7.0.zip'
Error - hashes do not match. Actual value was 'F76B9066F9230859D63BF822999E818E7313CC9BA997AD1A63CD86CB009143D48D99C08BB3E46E1C9F4F2113D1906FF3601B2BC3B90A1DB78CF7BC1C394BD45A'.
ERROR: Checksum for 'C:\Users\myadmin\AppData\Local\ChocoCache\ctiattack.fireeye\6.2\msticpy-0.7.0.zip' did not meet '1f76f6edb819a7d3277cb2b3ec588129d9cb89af4d5417b7ac3b906b346776f7' for checksum type 'sha512'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The upgrade of ctiattack.fireeye was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\ctiattack.fireeye\Tools\chocolateyInstall.ps1'.

Failures

  • ctiattack.fireeye (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\ctiattack.fireeye\Tools\chocolateyInstall.ps1'.

Docker Error During/Post Install

Trying to install this on a VirtualBox VM, both host and VM are Windows 10. The install seemed to be going along fine, and possibly finished, as I am not seeing a shell anymore. I am however getting a docker error "System.InvalidOperationException:
Failed to deploy distro docker-desktop to C:\Users\User\AppData\Local\Docker\wsl\distro: exit code: -1
stdout: Please enable the Virtual Machine Platform Windows feature and ensure virtualization is enabled in the BIOS.......", Full error message attached.
Full Docker Error Message.txt

In troubleshooting I have confirmed that Windows features Hyper-V and Windows Virtual Platform are enabled, and stay enabled through a reboot. In the Virtual Box settings I have both PAE/NX and Nested VT-x/AMD-V enabled. Also confirmed that I am using WSL Version 2, but when I check on its status it remains "Stopped".

Running Windows 10 Enterprise Evaluation Version 2004

What am I missing?

I am attaching the diagnostic log referenced in the docker error to this post as well.
diagnostics[1].log

4 issues

Upgrading the following packages:
python3
By upgrading you accept licenses for the packages.

You have python3 v3.7.9 installed. Version 3.9.2 is available based on your source(s).
python3 not upgraded. An error occurred during installation:
Updating 'python3 3.7.9' to 'python3 3.9.2' failed. Unable to find a version of 'libraries.python2.fireeye' that is compatible with 'python3 3.9.2'.
python3 package files upgrade completed. Performing other installation steps.
The upgrade of python3 was NOT successful.
python3 not upgraded. An error occurred during installation:
Updating 'python3 3.7.9' to 'python3 3.9.2' failed. Unable to find a version of 'libraries.python2.fireeye' that is compatible with 'python3 3.9.2'.

Chocolatey upgraded 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

  • python3 (exited 1) - python3 not upgraded. An error occurred during installation:
    Updating 'python3 3.7.9' to 'python3 3.9.2' failed. Unable to find a version of 'libraries.python2.fireeye' that is compatible with 'python3 3.9.2'.
    Chocolatey reported an unsuccessful exit code of 1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
    Boxstarter: Error from Chocolatey:

Message : Chocolatey reported an unsuccessful exit code of 1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
Data : {}
InnerException :
TargetSite :
StackTrace :
HelpLink :
Source :
HResult : -2146233087

Boxstarter: Error from Chocolatey:

Message : Chocolatey reported an unsuccessful exit code of 1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
Data : {}
InnerException :
TargetSite :
StackTrace :
HelpLink :
Source :
HResult : -2146233087

  • Boxstarter finished Calling Chocolatey to install python3. This may take several minutes to complete... 00:00:22.5390897
  • Boxstarter finished Calling Chocolatey to install python3. This may take several minutes to complete... 00:00:22.5390897

ExitCode: 1
ExitCode: 1
Failed to install python3

WARNING: [!] Installing using host choco.exe! Errors are ignored. Please check to confirm sysinternals.fireeye is installed properly
WARNING: [!] Executing: iex choco upgrade sysinternals.fireeye --cacheLocation C:\Users\User\AppData\Local\ChocoCache -y

  • Boxstarter starting Calling Chocolatey to install sysinternals.fireeye. This may take several minutes to complete...
  • Boxstarter starting Calling Chocolatey to install sysinternals.fireeye. This may take several minutes to complete...
    Upgrading the following packages:
    sysinternals.fireeye
    By upgrading you accept licenses for the packages.
    sysinternals.fireeye is not installed. Installing...
    [NuGet] Attempting to resolve dependency 'common.fireeye '.
    Progress: Downloading sysinternals.fireeye 2020.03.02.1... 100%
    [NuGet] Attempting to resolve dependency 'kb2533623 '.
    [NuGet] Attempting to resolve dependency 'KB3063858 (≥ 1.0.0)'.
    [NuGet] Attempting to resolve dependency 'chocolatey-windowsupdate.extension (≥ 1.0.4)'.
    [NuGet] Attempting to resolve dependency 'sysinternals '.
    [NuGet] Attempting to resolve dependency 'chocolatey-core.extension (≥ 1.3.3)'.
    [NuGet] Installing 'sysinternals 2021.1.19'.
    [NuGet] Successfully installed 'sysinternals 2021.1.19'.

sysinternals v2021.1.19 [Approved]
sysinternals package files upgrade completed. Performing other installation steps.
Sysinternals Suite is going to be installed in 'C:\ProgramData\chocolatey\lib\sysinternals\tools'
Sysinternals Suite is going to be installed in 'C:\ProgramData\chocolatey\lib\sysinternals\tools'
Downloading sysinternals
from 'https://download.sysinternals.com/files/SysinternalsSuite.zip'
Downloading sysinternals
from 'https://download.sysinternals.com/files/SysinternalsSuite.zip'
Progress: 100% - Completed download of C:\Users\User\AppData\Local\ChocoCache\sysinternals\2021.1.19\SysinternalsSuite.zip (38.03 MB).

Download of SysinternalsSuite.zip (38.03 MB) completed.
Download of SysinternalsSuite.zip (38.03 MB) completed.
Error - hashes do not match. Actual value was '2000391D565C62A89350FC1412A32443C72BDFC99631388A0A0C5ADAA3A84BC7'.
ERROR: Checksum for 'C:\Users\User\AppData\Local\ChocoCache\sysinternals\2021.1.19\SysinternalsSuite.zip' did not meet '651535bed37537990db862c912cc58af92ecba501cb83672f29eeb9628df090c' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The upgrade of sysinternals was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\sysinternals\tools\chocolateyInstall.ps1'.
See log for details.
[NuGet] Installing 'sysinternals.fireeye 2020.03.02.1'.
[NuGet] Successfully installed 'sysinternals.fireeye 2020.03.02.1'.

sysinternals.fireeye v2020.03.02.1
sysinternals.fireeye package files upgrade completed. Performing other installation steps.
ERROR: The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Cannot find path 'C:\ProgramData\chocolatey\lib\sysinternals\tools' because it does not exist.
The upgrade of sysinternals.fireeye was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\sysinternals.fireeye\tools\chocolateyInstall.ps1'.
See log for details.

Chocolatey upgraded 0/2 packages. 2 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

  • sysinternals.fireeye (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\sysinternals.fireeye\tools\chocolateyInstall.ps1'.
    See log for details.
  • sysinternals (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\sysinternals\tools\chocolateyInstall.ps1'.
    See log for details.
    Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
    Boxstarter: Error from Chocolatey:

Message : Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
Data : {}
InnerException :
TargetSite :
StackTrace :
HelpLink :
Source :
HResult : -2146233087

Boxstarter: Error from Chocolatey:

Message : Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
Data : {}
InnerException :
TargetSite :
StackTrace :
HelpLink :
Source :
HResult : -2146233087

  • Boxstarter finished Calling Chocolatey to install sysinternals.fireeye. This may take several minutes to complete... 00:00:58.1387073
  • Boxstarter finished Calling Chocolatey to install sysinternals.fireeye. This may take several minutes to complete... 00:00:58.1387073

ExitCode: -1
ExitCode: -1
Failed to install sysinternals.fireeye

WARNING: [!] Installing using host choco.exe! Errors are ignored. Please check to confirm zeppelin.fireeye is installed properly
WARNING: [!] Executing: iex choco upgrade zeppelin.fireeye --cacheLocation C:\Users\User\AppData\Local\ChocoCache -y

  • Boxstarter starting Calling Chocolatey to install zeppelin.fireeye. This may take several minutes to complete...
  • Boxstarter starting Calling Chocolatey to install zeppelin.fireeye. This may take several minutes to complete...
    Upgrading the following packages:
    zeppelin.fireeye
    By upgrading you accept licenses for the packages.
    zeppelin.fireeye is not installed. Installing...
    Progress: Downloading zeppelin.fireeye 0.9.2... 100%
    [NuGet] Installing 'zeppelin.fireeye 0.9.2'.
    [NuGet] Successfully installed 'zeppelin.fireeye 0.9.2'.

zeppelin.fireeye v0.9.2
zeppelin.fireeye package files upgrade completed. Performing other installation steps.
Downloading zeppelin.fireeye
from 'https://github.com/apache/zeppelin/archive/v0.9.0-docker.zip'
Downloading zeppelin.fireeye
from 'https://github.com/apache/zeppelin/archive/v0.9.0-docker.zip'

Download of zeppelin-0.9.0-docker.zip (-1 B) completed.
Download of zeppelin-0.9.0-docker.zip (-1 B) completed.
Error - hashes do not match. Actual value was '6B815830E6734BB5194C1EA70A0D92512791F6600DCF0F6B6D2666559D7179F0'.
ERROR: Checksum for 'C:\Users\User\AppData\Local\ChocoCache\zeppelin.fireeye\0.9.2\zeppelin-0.9.0-docker.zip' did not meet '9032f631445b41ff83e4542d745d0cb933698aa57f5099b07589b96656c645b2' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The upgrade of zeppelin.fireeye was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\zeppelin.fireeye\Tools\chocolateyInstall.ps1'.
See log for details.

Chocolatey upgraded 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

  • zeppelin.fireeye (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\zeppelin.fireeye\Tools\chocolateyInstall.ps1'.
    See log for details.
    Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
    Boxstarter: Error from Chocolatey:

Message : Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
Data : {}
InnerException :
TargetSite :
StackTrace :
HelpLink :
Source :
HResult : -2146233087

Boxstarter: Error from Chocolatey:

Message : Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
Data : {}
InnerException :
TargetSite :
StackTrace :
HelpLink :
Source :
HResult : -2146233087

  • Boxstarter finished Calling Chocolatey to install zeppelin.fireeye. This may take several minutes to complete... 00:00:13.8647223
  • Boxstarter finished Calling Chocolatey to install zeppelin.fireeye. This may take several minutes to complete... 00:00:13.8647223

ExitCode: -1
ExitCode: -1
Failed to install zeppelin.fireeye

WARNING: [!] Installing using host choco.exe! Errors are ignored. Please check to confirm chromebookmarkstpvm.fireeye is installed properly
WARNING: [!] Executing: iex choco upgrade chromebookmarkstpvm.fireeye --cacheLocation C:\Users\User\AppData\Local\ChocoCache -y

  • Boxstarter starting Calling Chocolatey to install chromebookmarkstpvm.fireeye. This may take several minutes to complete...
  • Boxstarter starting Calling Chocolatey to install chromebookmarkstpvm.fireeye. This may take several minutes to complete...
    Upgrading the following packages:
    chromebookmarkstpvm.fireeye
    By upgrading you accept licenses for the packages.
    chromebookmarkstpvm.fireeye is not installed. Installing...
    Progress: Downloading chromebookmarkstpvm.fireeye 0.2... 100%
    [NuGet] Installing 'chromebookmarkstpvm.fireeye 0.2'.
    [NuGet] Successfully installed 'chromebookmarkstpvm.fireeye 0.2'.

chromebookmarkstpvm.fireeye v0.2
chromebookmarkstpvm.fireeye package files upgrade completed. Performing other installation steps.
ERROR: The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: An item with the specified name C:\Users\User\AppData\Local\Google\Chrome\User Data\Default already exists.
The upgrade of chromebookmarkstpvm.fireeye was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\chromebookmarkstpvm.fireeye\tools\chocolateyinstall.ps1'.
See log for details.

Chocolatey upgraded 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

  • chromebookmarkstpvm.fireeye (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\chromebookmarkstpvm.fireeye\tools\chocolateyinstall.ps1'.
    See log for details.
    Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
    Boxstarter: Error from Chocolatey:

Message : Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
Data : {}
InnerException :
TargetSite :
StackTrace :
HelpLink :
Source :
HResult : -2146233087

Boxstarter: Error from Chocolatey:

Message : Chocolatey reported an unsuccessful exit code of -1. See C:\Users\User\AppData\Local\Boxstarter\boxstarter.log for details.
Data : {}
InnerException :
TargetSite :
StackTrace :
HelpLink :
Source :
HResult : -2146233087

  • Boxstarter finished Calling Chocolatey to install chromebookmarkstpvm.fireeye. This may take several minutes to complete... 00:00:06.8936387
  • Boxstarter finished Calling Chocolatey to install chromebookmarkstpvm.fireeye. This may take several minutes to complete... 00:00:06.8936387

ExitCode: -1
ExitCode: -1
Failed to install chromebookmarkstpvm.fireeye
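
The checksum failures in the logs above are not all the same kind: in the ctiattack.fireeye log the pinned value is 64 hex characters while the declared type is 'sha512' (128 hex characters), so that pin can never match, whereas the sysinternals and zeppelin.fireeye failures compare two digests of the right length that differ. The following Python triage is an added example, not code from the threatpursuit-vm project; it separates the two cases and hashes a cached file against a digest you have validated yourself before any `--checksum` override. The sample log lines, paths and digests are constructed, and the verdict names are this example's own.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import List, Optional

# Hex digest length for each checksum type.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Message shapes as they appear in the Chocolatey output quoted on this page.
ACTUAL_RE = re.compile(r"hashes do not match\. Actual value was '([0-9A-Fa-f]+)'")
PINNED_RE = re.compile(
    r"Checksum for '(?P<path>[^']+)' did not meet '(?P<pinned>[0-9A-Fa-f]+)' "
    r"for checksum type '(?P<type>\w+)'"
)


@dataclass
class Finding:
    path: str
    checksum_type: str
    pinned: str
    actual: Optional[str]
    verdict: str
    pinned_looks_like: Optional[str]


def algorithm_for_length(hex_digest: str) -> Optional[str]:
    """Name the algorithm whose digest length matches, if any."""
    for name, length in DIGEST_HEX_LEN.items():
        if len(hex_digest) == length:
            return name
    return None


def classify(checksum_type: str, pinned: str, actual: Optional[str]) -> str:
    want = DIGEST_HEX_LEN.get(checksum_type.lower())
    if want is None:
        return "unknown-checksum-type"
    if len(pinned) != want:
        # Package metadata problem: the pin cannot match any download.
        return "pinned-digest-wrong-length"
    if actual is None or len(actual) != want:
        return "actual-digest-missing-or-wrong-length"
    if hmac.compare_digest(pinned.lower(), actual.lower()):
        return "match"
    # The bytes served are not the bytes the packager pinned.
    return "content-differs-from-pin"


def triage(log_text: str) -> List[Finding]:
    """Pair each 'did not meet' error with the preceding actual digest."""
    findings, last_actual = [], None
    for line in log_text.splitlines():
        seen = ACTUAL_RE.search(line)
        if seen:
            last_actual = seen.group(1)
            continue
        err = PINNED_RE.search(line)
        if err:
            pinned, ctype = err.group("pinned"), err.group("type")
            findings.append(Finding(
                path=err.group("path"), checksum_type=ctype, pinned=pinned,
                actual=last_actual,
                verdict=classify(ctype, pinned, last_actual),
                pinned_looks_like=algorithm_for_length(pinned),
            ))
            last_actual = None
    return findings


def verify_file(path: str, checksum_type: str, trusted_hex: str) -> bool:
    """Hash a cached download and compare with a digest validated out of band."""
    h = hashlib.new(checksum_type.lower())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), trusted_hex.strip().lower())


# Constructed sample input: same message format, made-up paths and digests.
SAMPLE_LOG = "\n".join([
    "Error - hashes do not match. Actual value was '%s'." % ("A1" * 64),
    r"ERROR: Checksum for 'C:\cache\pkg-a\a.zip' did not meet '%s' "
    r"for checksum type 'sha512'." % ("b2" * 32),
    "Error - hashes do not match. Actual value was '%s'." % ("C3" * 32),
    r"ERROR: Checksum for 'C:\cache\pkg-b\b.zip' did not meet '%s' "
    r"for checksum type 'sha256'." % ("d4" * 32),
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path, f.checksum_type, f.verdict, f.pinned_looks_like)
```

A `pinned-digest-wrong-length` verdict points at the package definition, while `content-differs-from-pin` means the download itself has to be validated against a source you trust before the pin is overridden.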

Issue with UNCPathSoftening

Hi,

the cmd window last line reads
[+] Executing c:\ProgramData\chocolatey\lib\threatpursuit.win10.config.fireeye\tools\UNCPathSoftening.ahk

It opened the group policy editor and nothing happens. It seems to have got stuck.

Any idea? Thanks!

Unavailable services

Splunk works but it is configured with an unknown username & password. Tried running Jupyter notebooks with 'jupyter notebook' and got it is not a recognized command so it will not start. I checked docker containers and I see nothing is in there, I'm assuming it is needed to run ELK, beyond that navigating to localhost:5601 does not work. Also tried MISP, not sure what port it is configured to run on, regular port 80 does not return a page. Can you provide some instructions for turning on these services, credentials where needed etc. Maybe a more detailed readme?

MISP docker issue - missing pythonlib skbuild

An issue was newly identified during the MISP docker setup: a missing Python library, Scikit-build (skbuild), during the setup of a MISP dependency, OpenCV. This is causing the installation to exit.

The following error is observed:

Collecting opencv-python==4.4.0.44 (from -r REQUIREMENTS (line 56))
  Downloading https://files.pythonhosted.org/packages/38/a9/cd39fd25df434b5d9451dc266c12b72f68282a2b9bd5d7b4aa2d57d6c20e/opencv-python-4.4.0.44.tar.gz (88.9MB)
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-fcrux1i_/opencv-python/setup.py", line 9, in <module>
        import skbuild
    ModuleNotFoundError: No module named 'skbuild'

Installation Error: threatpursuit.win10.installer.fireeye not installed. The package was not found with the source(s) listed.

Hello,

I am trying to install ThreatPursuit on a Windows 10 (Version 10.0.19045 Build 19045) but soon after starting the installation, it fails. I have checked the error log file under "C:\ProgramData\chocolatey\logs\chocolatey.log" and it seems like the installer is unable to fetch data from https://www.myget.org/F/fireeye/api/v2 & https://chocolatey.org/api/v2 and gets 404.

I am not an expert but based on what I read and what I understood, this is the problem. I am trying to install this on a personal laptop and there are no proxy or firewall settings which are blocking the connection. There are no network issues because I installed it using the same network 2 weeks back on another laptop. I have tried different internet connections but with no luck. Can someone help, please? I am including the log file dump for reference.
choco.summary.log
chocolatey.log

Uninstall Windows Fax and Scan Services

Disable-WindowsOptionalFeature : Feature name FaxServicesClientPackage is unknown

Disable-WindowsOptionalFeature -Online -FeatureName "FaxServicesClientPackage"

Why Windows?

Hi,

This is just a curious question - why is Windows the dedicated platform to install tooling?

Best regards
