Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity.  By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible.  Since May 2018, CTA members have shared over 100 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

168 results found.

Nov 2019: Hunting for LoLBins (Cisco)
Nov 2019: Emotet - What's Changed? (NETSCOUT Arbor)
Nov 2019: How adversaries use politics for compromise (Cisco)
Nov 2019: Buran Ransomware; the Evolution of VegaLocker (McAfee)
Nov 2019: Growing attacks using Accept-Charset exploit (Juniper Networks)
Nov 2019: C2 With It All: From Ransomware To Carding (Cisco)
Oct 2019: Stuxnet to CRASHOVERRIDE to TRISIS: Evaluating the History and Future of Integrity-Based Attacks on Industrial Environments (Dragos)
Oct 2019: Home & Small Office Wireless Routers Exploited to Attack Gaming Servers (Palo Alto Networks)
Oct 2019: Xhelper: Persistent Android Dropper App Infects 45K Devices in Past 6 Months (Symantec)
Oct 2019: Inside the Hacking Community Market – Reselling RIG EK Services (Check Point Software Technologies)
Oct 2019: Gustuff return, new features for victims (Cisco)
Oct 2019: In the Footsteps of a Sextortion Campaign (Check Point Software Technologies)
Oct 2019: Blackremote: Money Money Money – A Swedish Actor Peddles an Expensive New RAT (Palo Alto Networks)
Oct 2019: Checkrain fake iOS jailbreak leads to click fraud (Cisco)
Oct 2019: More xHunt – New PowerShell Backdoor Blocked Through DNS Tunnel Detection (Palo Alto Networks)

Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.

Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.

33 results found.

Palo Alto Networks: SCARLET MIMIC
Palo Alto Networks: COZYDUKE
Palo Alto Networks: TH3BUG