Cyber Threat Intelligence Glossary



0-day Vulnerability

A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but not yet fixed. A zero-day exploit is an exploit that takes advantage of a zero-day vulnerability.


Advanced Persistent Threat (APT)

An attacker with advanced know-how and considerable resources, which enable it to create opportunities to achieve its objectives by using multiple attack vectors. These objectives are usually to establish and extend a foothold in an organisation's IT infrastructure in order to continually exfiltrate information, or to damage or obstruct it.

Attack Surface

Attack surface management (ASM) is the process of discovering, listing, classifying, analyzing, prioritizing, and monitoring all information that can be collected on the internet, and of informing your organization about sensitive data by searching its external digital assets.



Remote access through a compromised system.

Business Email Compromise (BEC)

BEC is a type of fraud targeting firms that make wire transfers and work with international suppliers. Openly or publicly visible email accounts of executives or of high-level employees connected to finance or wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks to carry out fraudulent transfers, which result in losses of hundreds of thousands of dollars.

Black Market

Illegal trafficking or trading in items publicly regulated or scarce.


Network of infected devices.


Carding Fraud

Using stolen credit cards.


Websites with no entrance barrier.

Continuous Security Monitoring (CSM)

The Continuous Security Monitoring (CSM) methodology automates the monitoring of security records, vulnerabilities, and other cyber risks, with the objective of supporting corporate decisions on risk management.

Credential Stuffing

Credential stuffing is an attack technique in which stolen credentials are automatically injected into login forms to gain access to online services. Fraudsters use the compromised login data to access consumer accounts in order to make fraudulent purchases, carry out phishing attacks, and steal information and money.


Malware-infected bitcoin mining software.

Common Vulnerabilities and Exposures (CVE)

CVE is a reference method for publicly known information security vulnerabilities and exposures.

Common Vulnerability Scoring System (CVSS)

CVSS is a method of capturing the key vulnerability features and producing a numerical score that reflects its severity.

Common Weakness Enumeration (CWE)

The Common Weakness Enumeration is a category system for software weaknesses and vulnerabilities.


Dark Net

A dark net is an Internet overlay network that can only be accessed with particular software, settings, or authorization, and that frequently uses a unique, customized communication protocol.

Dark Web

The dark web is a part of the internet that isn't indexed by search engines.

Data Breach

A data breach is an incident in which information is stolen or removed from a system without the knowledge or permission of the system's owner.


A threat actor who sells datasets and/or information.

Distributed Denial of Service (DDoS) Attack

A denial-of-service technique that uses several hosts to conduct the attack.

Digital Asset

Any asset that is purely digital, or that is a digital representation of a physical asset.

Digital Fingerprint

A hash that uniquely identifies data. Modifying a single bit in the data stream used to generate the message digest produces a different message digest.

Digital Footprint

Information about a particular individual that exists on the Internet as a result of their online activity.

Denial of Service (DoS)

The prevention of authorized access to resources, or the delaying of time-critical operations.


When an individual's private information is made public.

Drive-by Compromise

The unintentional download of malicious code.



The process of listing all of a system's characteristics.

Exploit Kit

A toolkit that exploits various vulnerabilities in order to distribute malware.

Exploit Leveraging

Use of a flaw to gain an advantage.


Initial Access Broker

A threat actor who sells their initial network foothold.

Indicators of Attack (IoA)

An IoA is a unique construction of unknown attributes, IoCs and contextual information (including organizational intelligence and risk) into a dynamic, situational representation that guides the response.

Indicator of Compromise (IoC)

IoCs are the evidence that proves a cyber-attack has taken place.



Malware distribution system.



Threat actors who target Magento based online shopping cart systems.

Malware Information Sharing Platform (MISP)

A threat intelligence platform for collecting, distributing, storing, and correlating Indicators of Compromise from targeted attacks, threat intelligence, financial fraud information, vulnerability information, and even counter-terrorism information.


Patch Gap

Time elapsed between the publication of a software patch and its application by suppliers.


A method of trying to collect sensitive information, such as bank account details, using a fraudulent email request or website in which the criminal poses as a reputable company or a trustworthy individual.

Personally Identifiable Information (PII)

Any representation of information that allows the identity of the individual to whom the information relates to be reasonably inferred by direct or indirect means.



Ransomware is malicious software that uses encryption to hold victims' information for ransom. A person's or organization's critical information is encrypted so that files, databases or applications cannot be accessed.

Remote Code Execution (RCE)

Describes a form of attack in which an attacker can execute arbitrary instructions or code on a target system. It allows attackers to run malicious programs and take control of vulnerable devices with elevated privileges.


Shadow IT

Shadow IT, by definition, includes software, applications, and services used by different departments without the knowledge and control of the company's IT department. Today, many staff use different software and tools without notifying the IT department, thinking that they can carry out their work faster and more easily.


Command and script interpreter deployed on a compromised system.

Security Information and Event Management (SIEM)

SIEM combines security information management with security event management in software products and services. These products analyze security alerts issued by applications and network devices in real time.

Skimmer

Malicious script that collects form data from a website.


Phishing via SMS.

Security Orchestration, Automation, and Response (SOAR)

Threat and vulnerability management, security incident response, and security operations automation are the three software capabilities described by the term.

Security Operation Center (SOC)

A SOC is a centralized function within an organization that uses people, processes and technology to continually monitor and improve the security posture of the business while preventing, detecting, analyzing and responding to cyber security incidents.

Spear Phishing

A colloquial term for any highly targeted phishing attempt.


Financially supported or authorized by a sovereign state.

Strategic Threat Intelligence

Strategic threat intelligence is data that helps you safeguard your organization from cyber threats. Data is collected, processed and analyzed to give you actionable intelligence for improving your security.

Supply Chain Attacks

Attacks that let the attacker use implants or other vulnerabilities inserted before installation to infiltrate or modify information technology hardware, software, operating systems, peripherals or services at any point during the life cycle.

Supply Chain Risk

The risk of sabotage, malicious introduction of unwanted functions, or other subversion of the design, integrity, manufacturing, distribution, installation, operation or maintenance of a supply item or system in order to control, deny or disrupt the function, use or operation of a system, or otherwise degrade it.


Tactical Threat Intelligence

Tactical threat intelligence provides information about the tactics, techniques, and procedures (TTPs) used by threat actors to achieve their goals.

Take-Down Service

A take-down service, also known as a notice and take down request, is a method of requesting that an Internet Service Provider (ISP) or search engine delete or block access to unlawful, irrelevant, or obsolete content.

Threat Actor

A participant (individual or group) in an activity or process defined by malice or harm using computers, devices, systems or networks.

Threat Intelligence Report

A prose document describing TTPs, actors, systems and information types being targeted and associated threats.

Threat Information (TI)

TI is information on present or upcoming risks that might jeopardize an organization's security.

Traffic Light Protocol (TLP)

TLP is a set of designations for sharing sensitive information with the appropriate audience.

Tactics, Techniques, and Procedures (TTP)

An approach for analyzing how an APT operates; it can also be used to profile a specific threat actor.


A social engineering technique that targets online users who mistype a URL directly into their browser rather than using a search engine.



Voice-based phishing.


YARA Rules

YARA rules are used to classify and identify malware samples by describing malware families in terms of textual or binary patterns.

Acronym description


Advanced Persistent Threats


Business Email Compromise


Big Game Hunting


Computer Network Operators


Cyber Threat Intelligence


Common Vulnerabilities and Exposures


Common Weakness Enumeration


Fear, Uncertainty, Doubt




Human-Operated Ransomware


Human Intelligence


Indicators of Attack


Indicator of Compromise


Influence Operations


The Invisible Internet Project


Malware Information Sharing Platform


Main-Stream Media


Operational Security


Open-Source Intelligence


Personally Identifiable Information


Priority Intelligence Requirements


Request for Information


Signal Intelligence


Social Media Intelligence


Standard Operating Procedure


Security Orchestration, Automation, and Response


Threat Actor


Threat Intelligence Portal


Traffic Light Protocol


The Onion Router


Tactics, Techniques, and Procedures


Cyber Kill Chain

A model for identifying and preventing cyber intrusion activity.

Diamond Model of Intrusion Analysis

It is an approach to conducting intelligence on network intrusion events.

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge)

A curated knowledge base and model of cyber adversary behavior. The framework reflects the various phases of an adversary's attack life cycle and the platforms adversaries are known to target.

Paris Model of Threat Hunting

It is a model that expresses what good threat hunting is all about.