Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity. By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible. Since May 2018, CTA members have shared over 200 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

326 results found.

Nov 2020
IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance
Palo Alto Networks

Nov 2020
Manufacturing Threat Perspective
Dragos

Nov 2020
Pay2Key – The Plot Thickens
Check Point Software Technologies

Nov 2020
CRAT wants to plunder your endpoints
Cisco

Nov 2020
A Closer Look at the Web Skimmer
Palo Alto Networks

Nov 2020
Windows XP, Server 2003 Source Code Leak Leaves IoT, OT Devices Vulnerable
Palo Alto Networks

Nov 2020
Operation North Star: Behind The Scenes
McAfee

Nov 2020
Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
Juniper Networks

Nov 2020
A new APT uses DLL side-loads to “KilllSomeOne”
Sophos

Oct 2020
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
Palo Alto Networks

Oct 2020
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
Palo Alto Networks

Oct 2020
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
Cisco

Oct 2020
Hacks for sale: inside the Buer Loader malware-as-a-service
Sophos

Oct 2020
Risks in IoT Supply Chain
Palo Alto Networks

Oct 2020
Wireshark Tutorial: Examining Dridex Infection Traffic
Palo Alto Networks

Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.

15 results found.

World Economic Forum: Partnership against Cybercrime

Cybersecurity Resources and Working From Home: Tips & Resources

Coalition of Nonprofits Join Together to Help Businesses Secure Remote Workforce

Crosswalk from NSA Cyber Threat Framework to the MITRE ATT&CK Framework

Next Steps in Playbook Driven Cyber Security

Aspen Cybersecurity Group: An Operational Collaboration Framework

2018 CMO Cybersecurity Survey Key Findings

Building a National Cybersecurity Strategy: Voluntary, Flexible Frameworks

Cybersecurity Framework

Cybersecurity Framework References, FAQ, etc.

Information Sharing and Analysis Organizations

May 2017 U.S. Government Cyber Executive Order

Federal Funding Recs for R&D Relating to Improving Computer Code Security

NIST Computer Security Incident Handling Guide

Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.

38 results found.

Palo Alto Networks
EKANS Ransomware

Palo Alto Networks
TEMP ACIDBOX

Palo Alto Networks
MAZE RANSOMWARE

Palo Alto Networks
HANGOVER

Palo Alto Networks
TEMP XHUNT

Palo Alto Networks
KONNI

Palo Alto Networks
ROCKE GROUP

Palo Alto Networks
PKPLUG

Palo Alto Networks
EMISSARY PANDA

Fortinet
SILENCE GROUP

Palo Alto Networks
CHAFER

Palo Alto Networks
MUDDY WATER

The Pragmatic Adversary