Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

  • Lucrative Ransomware Attacks: Analysis of the Cryptowall Version 3 Threat

CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity. By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible. Since May 2018, CTA members have shared over 200 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

326 results found.

  • Priority threat actors adopt Mirai source code (Juniper Networks, Oct 2020)
  • Top Alexa Sites Infected With Malicious Coinminers and Web Skimmer (Palo Alto Networks, Oct 2020)
  • LodaRAT Update: Alive and Well (Cisco, Sep 2020)
  • Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors (Symantec, Sep 2020)
  • Email-delivered MoDi RAT attack pastes PowerShell commands (Sophos, Sep 2020)
  • Case Study: Emotet Thread Hijacking, an Email Attack Technique (Palo Alto Networks, Sep 2020)
  • RampantKitten: An Iranian Surveillance Operation unraveled (Check Point Software Technologies, Sep 2020)
  • APT41: Indictments Put Chinese Espionage Group in the Spotlight (Symantec, Sep 2020)
  • Maze attackers adopt Ragnar Locker virtual machine technique (Sophos, Sep 2020)
  • Shadow IT, The Most Significant Cybersecurity Risk During Covid-19, Explained (K7 Computing, Sep 2020)
  • The Challenge of Persistence in Containers and Serverless (Palo Alto Networks, Sep 2020)
  • Faking it: the thriving business of “fake alert” web scams (Sophos, Sep 2020)
  • Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa (Palo Alto Networks, Sep 2020)
  • Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496 (Palo Alto Networks, Sep 2020)
  • Salfram: Robbing the place without removing your name tag (Cisco, Sep 2020)

Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.


Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.

38 results found.

  • DRAGONOK (Palo Alto Networks)
  • TICK (Palo Alto Networks)
  • REAPER (Palo Alto Networks)
  • OILRIG (Palo Alto Networks)
  • MENUPASS (Palo Alto Networks)
  • SCARLET MIMIC (Palo Alto Networks)
  • COZYDUKE (Palo Alto Networks)
  • TH3BUG (Palo Alto Networks)