Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.

30 results found.

  • GOBLIN PANDA (Fortinet)

  • Playbook Viewer (Fortinet)

  • SILENCE GROUP (Fortinet)

  • COBALT GANG (Palo Alto Networks)

  • COZYDUKE (Palo Alto Networks)

  • DARKHYDRUS (Palo Alto Networks)

  • DRAGONOK (Palo Alto Networks)

  • EMISSARY PANDA (Palo Alto Networks)

  • GORGON GROUP (Palo Alto Networks)

  • INCEPTION (Palo Alto Networks)

  • MENUPASS (Palo Alto Networks)

  • MUDDY WATER (Palo Alto Networks)

  • OILRIG (Palo Alto Networks)

  • PATCHWORK (Palo Alto Networks)

CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity. By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible. Since May 2018, CTA members have shared over 100 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

123 results found.

  • .Net RAT Malware Being Spread by MS Word Documents (Jan 2019)

  • ‘Fleeceware’ apps overcharge users for basic app functionality (Sep 2019)

  • ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure (Dec 2018)

  • ‘Oto Gonderici’ Excel formula injections target Turkish victims (Jul 2019)

  • “MegaCortex” ransomware wants to be The One (May 2019)

  • A new Equation Editor exploit goes commercial, as maldoc attacks using it spike (Jul 2019)

  • Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign (Apr 2019)

  • Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery (Nov 2018)

  • Attackers Increasingly Targeting Oracle WebLogic Server Vulnerability for XMRig and Ransomware (May 2019)

  • BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat (Apr 2019)

  • BlueKeep PoC demonstrates risk of Remote Desktop exploit (Jul 2019)

  • Born This Way? Origins of LockerGoga (Mar 2019)

  • Breakdown of a Targeted DanaBot Attack (Mar 2019)

  • Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak (May 2019)

  • Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms (Mar 2019)

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

  • CTA Joint Analysis on Securing Edge Devices

  • CTA Infographic

  • Key Findings: The Illicit Cryptocurrency Mining Threat

  • CTA Illicit CryptoMining Whitepaper

  • Adversary Playbook Principles

  • What Is the CTA?

    This downloadable document explains who we are,...

Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.
11 results found.

  • Next Steps in Playbook Driven Cyber Security

  • Aspen Cybersecurity Group: An Operational Collaboration Framework

  • 2018 CMO Cybersecurity Survey Key Findings

  • Building a National Cybersecurity Strategy: Voluntary, Flexible Frameworks

  • Cybersecurity Framework

  • Cybersecurity Framework References, FAQ, etc.

  • Information Sharing and Analysis Organizations

  • May 2017 U.S. Government Cyber Executive Order

  • Federal Funding Recs for R&D Relating to Improving Computer Code Security

  • NIST Computer Security Incident Handling Guide