The ability to analyze network threats is very important in security research. Traditional approaches, involving sandboxing technology are limited to simulating a single host, missing local network attacks. This issue is addressed by designing a threat analysis framework that uses software-deﬁned networking for simulating arbitrary networks. The presented system offers ﬂexibility, allowing a security researcher to deﬁne a virtual network that is able to capture malicious actions and to be restored to the initial state afterwards. Both the framework design and common usage scenarios are described. By providing this framework, we aim to ease the analysis effort in combating cyberthreats.