Mapping the threats against relevant Annex A controls
Answer:
There is no definitive document we can recommend, since for each organization the applicable controls may vary according to the organization's risk tolerance and the results of its risk assessment (for the same threat, one or more controls may be applicable).
These materials will also help you regarding risk treatment:
- Diagram of ISO 27001:2013 Risk Assessment and Treatment process https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Thanks; while I appreciate that the use of controls will vary depending on the organisation, I was thinking of a generic document that shows which controls work against the different threats in the threat/vulnerability catalogue.
Unfortunately, such a generic document is not available. Organizations concerned with information security avoid publishing such documents because they may mislead organizations implementing their own practices: readers may take them as the solution for their risks without considering their own organizational context.
Sep 22, 2018