Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.

33 results found.

  • KONNI (Palo Alto Networks)
  • ROCKE GROUP (Palo Alto Networks)
  • PKPLUG (Palo Alto Networks)
  • EMISSARY PANDA (Palo Alto Networks)
  • SILENCE GROUP (Fortinet)
  • CHAFER (Palo Alto Networks)
  • MUDDY WATER (Palo Alto Networks)

  • The Pragmatic Adversary
  • Lockheed Martin's Cyber Kill Chain
  • Playbook Viewer (Palo Alto Networks)
  • Playbook Viewer (Fortinet)
  • MITRE's ATT&CK Framework
  • CTA Adversary Playbook Principles

CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity. By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible. Since May 2018, CTA members have shared over 100 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

168 results found.

  • The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks (Palo Alto Networks, Jan 2020)
  • GoMiner mutates and spreads via public cloud storage providers (Juniper Networks, Jan 2020)
  • Muhstik Botnet Attacks Tomato Routers to Harvest New IoT Devices (Palo Alto Networks, Jan 2020)
  • Breaking down a two-year run of Vivin’s cryptominers (Cisco, Jan 2020)
  • Stolen emails reflect Emotet's organic growth (Cisco, Jan 2020)
  • JhoneRAT: Cloud based python RAT targeting Middle Eastern countries (Cisco, Jan 2020)
  • Exploits in the Wild for Citrix ADC and Citrix Gateway Directory Traversal Vulnerability CVE-2019-19781 (Palo Alto Networks, Jan 2020)
  • Fleeceware apps persist on the Play Store (Sophos, Jan 2020)
  • The State of Threats to Electric Entities in North America (Dragos, Jan 2020)
  • Tik or Tok? Is TikTok secure enough? (Check Point Software Technologies, Jan 2020)
  • Threat Brief: Iranian Cyber Warfare (IntSights, Jan 2020)
  • What the continued escalation of tensions in the Middle East means for security (Cisco, Jan 2020)
  • Predator the Thief: Analysis of Recent Versions (Fortinet, Jan 2020)
  • MageCart Skims Credit Cards from FocusCamera.com (Juniper Networks, Jan 2020)
  • The Curious Case of DeathRansom: Part I (Fortinet, Jan 2020)

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

  • CTA 2020 Olympics Threat Assessment Report

  • CTA Joint Analysis on Securing Edge Devices

  • CTA Infographic

  • Key Findings: The Illicit Cryptocurrency Mining Threat

  • CTA Illicit CryptoMining Whitepaper

  • Adversary Playbook Principles

Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.

14 results found.

  • 2018 CMO Cybersecurity Survey Key Findings
  • Aspen Cybersecurity Group: An Operational Collaboration Framework
  • Building a National Cybersecurity Strategy: Voluntary, Flexible Frameworks
  • Crosswalk from NSA Cyber Threat Framework to the MITRE ATT&CK Framework
  • Cybersecurity Framework
  • Cybersecurity Framework References, FAQ, etc.
  • Federal Funding Recs for R&D Relating to Improving Computer Code Security
  • Information Sharing and Analysis Organizations
  • May 2017 U.S. Government Cyber Executive Order
  • Next Steps in Playbook Driven Cyber Security
  • NIST Computer Security Incident Handling Guide