Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

  • What Is the CTA?

    This downloadable document explains who we are,...
  • Lucrative Ransomware Attacks: Analysis of the Cryptowall Version 3 Threat

    CryptoWall is one of the most lucrative...

CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity.  By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible.  Since May 2018, CTA members have shared over 100 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

168 results found.
  • Introducing BIOLOAD: FIN7 BOOSTWRITE’s Lost Twin (Fortinet, Dec 2019)
  • Gozi V3: tracked by their own stealth (Sophos, Dec 2019)
  • Stalking Stalkerware: A Deep Dive Into FlexiSPY (Juniper Networks, Dec 2019)
  • MyKings botnet spreads headaches, cryptominers, and Forshare malware (Sophos, Dec 2019)
  • Discovering a new Agent Tesla malware sample (NTT Security, Dec 2019)
  • Snatch ransomware reboots PCs into Safe Mode to bypass protection (Sophos, Dec 2019)
  • Cosmic Banker campaign is still active revealing link with Banload malware (Scitum, Dec 2019)
  • Incident Response Casefile – A successful BEC leveraging lookalike domains (Check Point Software Technologies, Dec 2019)
  • xHunt Actor’s Cheat Sheet (Palo Alto Networks, Dec 2019)
  • APAC’s Compromised Domains Fuel Emotet Campaign (Palo Alto Networks, Dec 2019)
  • Server-Side Request Forgery Exposes Data of Technology, Industrial and Media Organizations (Palo Alto Networks, Nov 2019)
  • Long-known Vulnerabilities in High-Profile Android Applications (Check Point Software Technologies, Nov 2019)
  • Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271 (Palo Alto Networks, Nov 2019)
  • Packers: What’s in the Box? (Fortinet, Nov 2019)
  • New Emotet Report Details Threats From One of the World’s Most Successful Malware Operations (Fortinet, Nov 2019)

Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.

16 results found.

NIST Computer Security Incident Handling Guide


Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.

33 results found.
  • SOFACY (Palo Alto Networks)
  • GOBLIN PANDA (Fortinet)
  • COBALT GANG (Palo Alto Networks)
  • INCEPTION (Palo Alto Networks)
  • GORGON GROUP (Palo Alto Networks)
  • DARKHYDRUS (Palo Alto Networks)
  • RANCOR (Palo Alto Networks)
  • WINDSHIFT (Palo Alto Networks)
  • PATCHWORK (Palo Alto Networks)
  • PICKAXE (Palo Alto Networks)
  • DRAGONOK (Palo Alto Networks)
  • TICK (Palo Alto Networks)
  • REAPER (Palo Alto Networks)
  • OILRIG (Palo Alto Networks)
  • MENUPASS (Palo Alto Networks)