Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.


CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity. By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible. Since May 2018, CTA members have shared over 100 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

150 results found.
  • Takedowns and Adventures in Deceptive Affiliate Marketing (Palo Alto Networks, Apr 2019)
  • Targeted Ransomware: Proliferating Menace Threatens Organizations (Symantec, Jul 2019)
  • The 2019 NTT Security Global Threat Intelligence Report: The devil is in the detail (NTT Security, Apr 2019)
  • The Eye on the Nile (Check Point Software Technologies, Oct 2019)
  • The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia (Palo Alto Networks, Nov 2018)
  • The Gopher in the Room: Analysis of GoLang Malware in the Wild (Palo Alto Networks, Jul 2019)
  • The Gorgon Group: Slithering Between Nation State and Cybercrime (Palo Alto Networks, Aug 2018)
  • The Legend of Adwind: A Commodity RAT Saga in Eight Parts (Palo Alto Networks, Sep 2019)
  • The WannaCry hangover (Sophos, Sep 2019)
  • Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas (Dragos, Jun 2019)
  • Thrip: Ambitious Attacks Against High Level Targets Continue (Symantec, Sep 2019)
  • Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies (Symantec, Jun 2018)
  • Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks (Symantec, Sep 2019)
  • Tracking OceanLotus’ new Downloader, KerrDown (Palo Alto Networks, Feb 2019)
  • TrickBot or Treat – Knocking on the Door and Trying to Enter (Fortinet, Sep 2019)

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

  • CTA Joint Analysis on Securing Edge Devices

  • CTA Infographic

  • Key Findings: The Illicit Cryptocurrency Mining Threat

  • CTA Illicit CryptoMining Whitepaper

  • Adversary Playbook Principles

  • What Is the CTA?

    This downloadable document explains who we are,...

Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.

11 results found.

  • 2018 CMO Cybersecurity Survey Key Findings
  • Aspen Cybersecurity Group: An Operational Collaboration Framework
  • Building a National Cybersecurity Strategy: Voluntary, Flexible Frameworks
  • Cybersecurity Framework
  • Cybersecurity Framework References, FAQ, etc.
  • Federal Funding Recs for R&D Relating to Improving Computer Code Security
  • Information Sharing and Analysis Organizations
  • May 2017 U.S. Government Cyber Executive Order
  • Next Steps in Playbook Driven Cyber Security
  • NIST Computer Security Incident Handling Guide