Threat Library

The Threat Library is CyberXTron's curated knowledge base of threat actors, malware families, attack campaigns, and TTPs. It provides structured intelligence profiles for tracked threat entities, giving security teams the context they need for attribution, hunting, and defense.

Accessing the Threat Library

From the left navigation menu, click Hunting → Threat Library.

What's in the Library

Threat Actors

Profiles for tracked nation-state groups, cybercriminal organizations, and hacktivist groups. Each actor profile includes:

  • Overview — Origin, motivation, and primary targets
  • Aliases — Alternative names used across intelligence sources
  • Target geographies — Countries and regions historically targeted
  • Target industries — Sectors this actor has attacked
  • Intent — Espionage, financial, disruption, data theft
  • Active campaigns — Currently tracked operations attributed to this actor
  • IOC associations — Malicious IPs, domains, and hashes attributed to this actor
  • MITRE ATT&CK mapping — Full TTP profile with techniques and sub-techniques

Malware Families

Profiles for tracked malware families, including RATs, stealers, ransomware, loaders, and backdoors. Each profile includes:

  • Malware type and capabilities
  • Known threat actors using this malware
  • Associated IOCs (C2 infrastructure, payload hashes)
  • MITRE ATT&CK techniques
  • Detection notes and hunting queries

Attack Campaigns

Documented campaigns with attribution, timeline, targeted organizations, and associated infrastructure. Campaigns link threat actors, malware, and IOCs into coherent attack narratives.

TTPs (Tactics, Techniques, and Procedures)

Browse by MITRE ATT&CK technique to find all threat actors and malware known to use a specific technique — useful for building detections and prioritizing defenses.

Search and Filter

Search the Threat Library by:

  • Actor name or alias
  • Malware family name
  • MITRE ATT&CK technique ID (e.g., T1566.002)
  • Target industry or geography
  • Active status (currently active vs. historical)

Integration with the Rest of the Platform

  • IOC Lookup — Any IOC lookup that matches a tracked actor shows the actor's Threat Library profile
  • Advisory — Threat advisories link to the relevant actor or campaign profile
  • Threat Map — Actor pins on the map link to Threat Library profiles
  • XTron-AI — Ask the AI assistant about any actor and it draws from Threat Library data