Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

  • 2020 Summer Olympics Threat Assessment

  • Joint Analysis on Securing Edge Devices

  • Key Findings: The Illicit Cryptocurrency Mining Threat

  • Illicit CryptoMining Whitepaper

  • Adversary Playbook Principles

  • What Is the Cyber Threat Alliance?

    This downloadable document explains who we are,...

CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity.  By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible.  Since May 2018, CTA members have shared over 200 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

330 results found.

  • DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread (Cisco, Oct 2020)

  • Hacks for sale: inside the Buer Loader malware-as-a-service (Sophos, Oct 2020)

  • Risks in IoT Supply Chain (Palo Alto Networks, Oct 2020)

  • Wireshark Tutorial: Examining Dridex Infection Traffic (Palo Alto Networks, Oct 2020)

  • LockBit uses automated attack tools to identify tasty targets (Sophos, Oct 2020)

  • Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East (Symantec, Oct 2020)

  • Cloud Threat Hunting: Attack & Investigation Series- Privilege Escalation via Lambda (Check Point Software Technologies, Oct 2020)

  • Phishing Lures Shift from COVID-19 to Job Opportunities (Fortinet, Oct 2020)

  • Threat Brief: Microsoft Vulnerability CVE-2020-16898 (Palo Alto Networks, Oct 2020)

  • Two New IoT Vulnerabilities Identified with Mirai Payloads (Palo Alto Networks, Oct 2020)

  • Deep Analysis – The EKING Variant of Phobos Ransomware (Fortinet, Oct 2020)

  • Lemon Duck brings cryptocurrency miners back into the spotlight (Cisco, Oct 2020)

  • CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel (Palo Alto Networks, Oct 2020)

  • Unit 42 Cloud Threat Report: Misconfigured IAM Roles Lead to Thousands of Compromised Cloud Workloads (Palo Alto Networks, Oct 2020)

  • Unit 42 Cloud Threat Report: CSP Findings on Logging, Encryption and Exposed Services (Palo Alto Networks, Oct 2020)

Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.


Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.

38 results found.

  • Lockheed Martin's Cyber Kill Chain

  • Playbook Viewer (Palo Alto Networks)

  • Playbook Viewer (Fortinet)

  • MITRE's ATT&CK Framework

  • CTA Adversary Playbook Principles

  • SOFACY (Palo Alto Networks)

  • GOBLIN PANDA (Fortinet)

  • COBALT GANG (Palo Alto Networks)

  • INCEPTION (Palo Alto Networks)

  • GORGON GROUP (Palo Alto Networks)

  • DARKHYDRUS (Palo Alto Networks)

  • RANCOR (Palo Alto Networks)

  • WINDSHIFT (Palo Alto Networks)

  • PATCHWORK (Palo Alto Networks)

  • PICKAXE (Palo Alto Networks)