Resources

Cybersecurity resources provide the industry with a centralized source of trusted information. If you have any questions, especially about our membership process, contact us.

Download and share these materials that tell the story of CTA, including CTA’s Joint Analysis reports, which focus on specific threats and campaign activity.

No CTA Assets Found

CTA members routinely provide other members with access to and review of blogs and intelligence reports describing malicious cyber activity.  By sharing research on significant issues, CTA members leverage their data, analysis, and cybersecurity products to expose malicious activity, prevent additional harm, and mitigate any of the activity’s effects as early and as effectively as possible.  Since May 2018, CTA members have shared over 200 blogs and intelligence reports with each other.

Use the search function to search by CTA member company name or research title. Results can also be filtered by date of publication.

330 results found.
Nov 2018

Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery

Palo Alto Networks
View >
Nov 2018

FASTCash: How the Lazarus Group is Emptying Millions from ATMs

Symantec
View >
Oct 2018

CTA Adversary Playbook: Goblin Panda

Fortinet
View >
Oct 2018

Chalubo botnet wants to DDoS from your server or IoT device

Sophos
View >
Oct 2018

Gallmaker: New Attack Group Eschews Malware to Live off the Land

Symantec
View >
Oct 2018

NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT

Palo Alto Networks
View >
Sep 2018

New KONNI Malware attacking Eurasia and Southeast Asia

Palo Alto Networks
View >
Sep 2018

VPNFilter III: More Tools for the Swiss Army Knife of Malware

Cisco
View >
Aug 2018

The Gorgon Group: Slithering Between Nation State and Cybercrime

Palo Alto Networks
View >
Jul 2018

SamSam: The (almost) $6 million ransomware

Sophos
View >
Jul 2018

IcedID & Trickbot: A Give-and-Take Relationship

Fortinet
View >
Jul 2018

Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions

Symantec
View >
Jun 2018

Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies

Symantec
View >
Jun 2018

VPNFilter Update - VPNFilter exploits endpoints, targets new devices

Cisco
View >
May 2018

New VPNFilter malware targets at least 500K networking devices worldwide

Cisco
View >
Utilize CTA’s curated selection of respected and comprehensive cybersecurity resources.

No Recommended Resources Found

Adversary Playbooks are an attempt to capture the complete collection of tools, techniques, and procedures that adversaries use to achieve their goals, arrayed in a logical sequence using the Lockheed Martin Cyber Kill Chain. If the cybersecurity community and network defenders have access to these playbooks, they can make their defensive actions more effective and impose increased costs on our adversaries. The Cyber Threat Alliance (CTA) is committed to sharing actionable intelligence that can be used to create Adversary Playbooks. Since our cyber adversaries adapt very rapidly, CTA also automates the sharing and updating of this intelligence.

This page serves as a resource for the cybersecurity community with useful tools for creating Adversary Playbooks and links to the Playbooks created by our members. If you have any questions or feedback, please contact us at admin@cyberthreatalliance.org.

Use the search function to find playbooks by CTA member author, adversary group, or threat actor.

0 results found.

No Results Found!

Sorry, but we couldn't find anything based on your search criteria.
Please try a different keyword.