Dictionary of CTI-related acronyms, terms, and jargon
General Cyber Threat Intelligence Terms
ACRONYM | DESCRIPTION |
---|---|
CTI | Cyber Threat Intelligence |
TIP | Threat Intelligence Portal |
IOCs | Indicators of Compromise |
IOAs | Indicators of Attack |
HBI | Host-based Indicator |
NBI | Network-based Indicator |
TLP | Traffic Light Protocol |
TTP | Tactics, Techniques, and Procedures |
TA | Threat Actor |
APT | Advanced Persistent Threat |
CNOs | Computer Network Operations |
CNAs | Computer Network Attacks |
CNE | Computer Network Exploitation |
BGH | Big Game Hunting |
HOR | Human-Operated Ransomware |
HOK | Hands-on-Keyboard |
DEATH | Detection Engineering And Threat Hunting |
STIX | Structured Threat Information Expression |
TAXII | Trusted Automated Exchange of Indicator Information |
MAR | Malware Analysis Report |
General Intelligence Terms
ACRONYM | DESCRIPTION |
---|---|
CARVER | Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability |
BLUF | Bottom Line Up Front |
FINTEL | Finished Intelligence |
ACH (1) | Analysis of Competing Hypotheses |
I/Os | Influence Operations |
PSYOPS | Psychological Operations |
ISR | Intelligence, Surveillance, and Reconnaissance |
AKA | Also Known As |
RFI | Request For Information/Intelligence |
SOP | Standard Operating Procedure |
ICP | Intelligence Collection Plan |
PIR | Priority Intelligence Requirements |
GIR | General Intelligence Requirements |
KIQ | Key Intelligence Questions |
OSINT | Open Source Intelligence |
HUMINT | Human Intelligence |
SIGINT | Signals Intelligence |
SOCMINT | Social Media Intelligence |
GEOINT | Geopolitical Intelligence |
MASINT | Measurements Intelligence |
FININT | Financial Intelligence |
CRIMINT | Criminal Intelligence |
OPSEC | Operational Security |
SATs | Structured Analytic Techniques |
AOO | Action on Objectives |
COA | Courses of Action |
FOUO | For Official Use Only |
ORCON | Originator Control |
NOFORN | No Foreign Nationals |
SC/eSC | Security Check / Enhanced Security Check |
DV/eDV | Developed Vetting / Enhanced Developed Vetting |
SCIF | Sensitive Compartmented Information Facility |
CHSI | Confidential Human Source Information |
OPE | Operational Preparation of the Environment |
CONOPS | Concept of Operations |
Geopolitical and Public Sector
ACRONYM | DESCRIPTION |
---|---|
MENA | Middle East and Northern Africa |
EMEA | Europe, Middle East, and Africa |
APAC | Asia-Pacific |
ASEAN | Association of Southeast Asian Nations |
LATAM | Latin America |
BRICS | Brazil, Russia, India, China and South Africa |
CIS | Commonwealth of Independent States |
NATO | North Atlantic Treaty Organisation |
FVEY | Five Eyes Intelligence Alliance - US, UK, Australia, Canada, New Zealand |
GRU | Main Intelligence Directorate of the Russian Federation |
SVR | Foreign Intelligence Service of the Russian Federation |
FSB | Russian Federal Security Service |
MSS | Chinese Ministry of State Security |
PLA | Chinese People's Liberation Army |
IRGC | Islamic Revolutionary Guard Corps of Iran |
RGB | North Korean Reconnaissance General Bureau |
NSA TAO | National Security Agency Tailored Access Operations |
NSA SID | National Security Agency Signals Intelligence Directorate |
NSC | National Security Council |
DNI | Director of National Intelligence |
CIA | Central Intelligence Agency |
CYBERCOM | United States Cyber Command |
DOJ | US Department of Justice |
DHS | US Department of Homeland Security |
CISA | Cybersecurity and Infrastructure Security Agency |
ENISA | European Union Agency for Cybersecurity |
NCSC | UK National Cyber Security Centre |
GCHQ | UK Government Communications Headquarters |
JFCyG | Joint Forces Cyber Group |
NCF | National Cyber Force |
CCCS | Canadian Centre for Cyber Security |
CSIS | Canadian Security Intelligence Service |
ACSC | Australian Cyber Security Centre |
ASD | Australian Signals Directorate |
BND | Federal Intelligence Service of Germany |
AIVD | General Intelligence and Security Service of the Netherlands |
ISI | Inter-Services Intelligence of Pakistan |
IB | Intelligence Bureau of India |
R&AW | Research & Analysis Wing, India's foreign intelligence agency |
GIP | General Intelligence Presidency of Saudi Arabia |
SIA | Signals Intelligence Agency of the UAE |
DGSE | Directorate-General for External Security of France |
ANSSI | French National Cybersecurity Agency |
NIS | National Intelligence Service of South Korea |
IDF | Israel Defense Forces |
INCD | Israeli National Cyber Directorate |
JSDF | Japan Self-Defense Forces |
OIC | Organisation of Islamic Cooperation |
BRI | The Chinese Belt and Road Initiative |
GCC | Gulf Cooperation Council |
QRF | Quick Reaction Force |
CBRN | Chemical, Biological, Radiological, Nuclear |
DSTL | UK Defence Science and Technology Laboratory |
CNI | Critical National Infrastructure |
CIKR | Critical Infrastructure and Key Resources |
Law Enforcement & Counterterrorism Terms
ACRONYM | DESCRIPTION |
---|---|
CTSFO | Counter Terrorist Specialist Firearms Officer |
LEA | Law Enforcement Agency |
FBI | US Federal Bureau of Investigation |
NCA | UK National Crime Agency |
MLAT | Mutual Legal Assistance Treaty |
CLOUDA | Clarifying Lawful Overseas Use of Data Act |
FTO | Foreign Terrorist Organisation |
HVE | Home-grown Violent Extremist |
DVE | Domestic Violent Extremist |
ULO | Unaffiliated Violent Extremist |
ERWT | Extremist Right Wing Terrorist |
LASIT | Left-Wing, Anarchist and Single-Issue Terrorism |
MCI | Mass Casualty Incident |
UAS | Unmanned Aircraft System |
UAV | Unmanned Aerial Vehicle |
Technical
ACRONYM | DESCRIPTION |
---|---|
BEC | Business Email Compromise |
CVE | Common Vulnerabilities and Exploits |
CWE | Common Weakness Enumeration |
IoT | Internet of Things |
TOR | The Onion Router |
RAT | Remote Access Trojan |
C&C | Command and Control Server (aka C2 or CnC) |
RaaS | Ransomware as a Service |
MaaS | Malware as a Service |
DaaS | Downloader as a Service |
AaaS | Access as a Service |
IaC | Infrastructure as Code |
SaaS | Software as a Service |
PaaS | Platform as a Service |
DDoS | Distributed Denial of Service |
RCE | Remote Code Execution |
PoC | Proof of Concept |
LOLBin | Living off the Land Binary |
LOLBAS | Living off the Land Binary and Scripts |
VM | Virtual Machine |
VDI | Virtual Desktop Infrastructure |
ESXi | Enterprise hypervisor developed by VMware |
VPN | Virtual Private Network |
VPS | Virtual Private Server |
RDP | Remote Desktop Protocol (Port 3389) |
SMB | Server Message Block (Port 139 or 445) |
XSS | Cross-site Scripting |
CSRF | Cross-site Request Forgery |
SSRF | Server-side Request Forgery |
XXE | XML External Entity |
SQLi | SQL Injection |
FUD (1) | Fear, Uncertainty, Doubt |
FUD (2) | Fully Undetected |
TCP/IP | Transmission Control Protocol / Internet Protocol |
TLS | Transport Layer Security |
SSL | Secure Socket Layer |
SSH | Secure Shell Protocol |
2FA | Two-factor authentication |
MFA | Multi-factor authentication |
OTP | One-Time Passcode |
API | Application Programming Interface |
CDN | Content Delivery Network |
EDN | Email Distribution Network |
MitM | Man in the Middle |
MitB | Man in the Browser |
MBR | Master Boot Record |
MFT | Master File Table |
AD | Active Directory |
AAD | Azure Active Directory |
DC | Domain Controller |
NTFS | New Technology File System |
NRD | Newly Registered Domain |
JS | JavaScript |
VBS | Visual Basic Script |
VBA | Visual Basic for Applications |
GPO | Group Policy Object |
OS | Operating System |
SSD | Solid State Drive |
HDD | Hard Disk Drive |
FQDN | Fully Qualified Domain Name |
CIDR | Classless Inter-Domain Routing |
BGP | Border Gateway Protocol |
CMDB | Configuration Management Database |
MX | Mail Exchange |
IX | Internet Exchange |
FP | False Positive |
TP | True Positive |
FN | False Negative |
TN | True Negative |
RCA | Root Cause Analysis |
OCR | Optical Character Recognition |
DPI | Deep Packet Inspection |
DNS | Domain Name System |
DOH | DNS over HTTPS |
Infosec Industry Terms
ACRONYM | DESCRIPTION |
---|---|
MSM | Mainstream Media |
SOC | Security Operations Centre |
CERT | Computer Emergency Response Team |
TVM | Threat and Vulnerability Management |
ISAC | Information Sharing and Analysis Center |
ISAO | Information Sharing and Analysis Organization |
PSIRT | Product Security Incident Response Team |
CSIRT | Computer Security Incident Response Team |
PII | Personally Identifiable Information |
ISP | Internet Service Provider |
MSP | Managed Service Provider |
MSSP | Managed Security Service Provider |
VDP | Vulnerability Disclosure Program |
IR | Incident Response |
DFIR | Digital Forensics and Incident Response |
EDR | Endpoint Detection and Response |
AV | Antivirus |
FW | Firewall |
DRP | Disaster Recovery Plan |
BCP | Business Continuity Plan |
ICS | Industrial Control System |
SCADA | Supervisory Control and Data Acquisition |
OT | Operational Technology |
PLC | Programmable Logic Controller |
HMI | Human Machine Interface |
DCS | Distributed Control System |
SIS | Safety Instrumented Systems |
BMS | Building Management System |
DCIM | Data Center Infrastructure Management |
SIEM | Security Information and Event Management |
SOAR | Security Orchestration, Automation, and Response |
XDR | Extended Detection and Response |
UEBA | User and Entity Behaviour Analytics |
ML | Machine Learning |
AI | Artificial Intelligence |
ROI | Return on Investment |
FMCG | Fast Moving Consumer Goods |
NPP | Nuclear Power Plant |
O&G | Oil and Gas (also ONG) |
UTM | Unified Threat Management |
GDPR | General Data Protection Regulation |
CCPA | California Consumer Privacy Act |
CMA | Computer Misuse Act |
CFAA | Computer Fraud and Abuse Act |
MLAT | Mutual Legal Assistance Treaty |
CLOUDA | Clarifying Lawful Overseas Use of Data Act |
IP | Intellectual Property |
FOIA | Freedom of Information Act |
TTX | Table Top Exercise |
HIBP | Have I Been Pwned |
WP | WordPress |
AWS | Amazon Web Services |
GCP | Google Cloud Platform |
OCI | Oracle Cloud Infrastructure |
MDE | Microsoft Defender for Endpoint |
SME (1) | Small Medium Enterprise |
SME (2) | Subject Matter Expert |
PSOA | Private Sector Offensive Actor |
FIDO | Fast Identity (ID) Online |
PKI | Public Key Infrastructure |
OKR | Objectives and Key Results |
SMART | Specific, Measurable, Assignable, Realistic and Time-related |
SLA | Service-level Agreement |
IRP | Incident Response Plan |
GRC | Governance, Risk and Compliance |
IAM | Identity and Access Management |
MDR | Managed Detection and Response |
ATO | Account Takeover |
HSM | Hardware Security Module |
MNO | Mobile Network Operator |
UAT | User Acceptance Testing |
MUA | Mail User Agent |
MTA | Message Transfer Agent |
MDA | Message Delivery Agent |
VX | Virus Exchange |
Financial Crimes
TERM | DESCRIPTION |
---|---|
BTC | Bitcoin |
ETH | Ethereum |
XMR | Monero |
DeFi | Decentralised Finance |
DEX | Decentralized Exchange |
CEX | Centralized Exchange |
P2PE | Peer-to-peer Exchange |
VAs | Virtual Assets |
VASPs | Virtual Asset Service Providers |
KYC | Know Your Customer |
CDD | Customer Due Diligence |
PoS | Point of Sale |
OFAC | Office of Foreign Assets Control (US) |
FINCEN | Financial Crimes Enforcement Network (US) |
FCA | Financial Conduct Authority (UK) |
SAR | Suspicious Activity Report |
STR | Suspicious Transaction Report |
ML | Money Laundering |
TF | Terrorist Financing |
AML | Anti-Money Laundering |
CFT | Combating the Financing of Terrorism |
FATF | Financial Action Task Force |
SWIFT | Society for Worldwide Interbank Financial Telecommunication |
ACH (2) | Automated Clearing House |
FIU | Financial Intelligence Unit |
PRF | Payment Redirection Fraud |
PCI DSS | Payment Card Industry Data Security Standard |
SVC | Stored Value Card |
CTI, Technical, and Intelligence Jargon
TERM | DESCRIPTION |
---|---|
Counter Intelligence | Learning what the opposition knows |
State-sponsored | Supported financially or authorised by a sovereign state |
NatSec | National Security |
Malware | Malicious Software |
Ransomware | Malware that encrypts files and demands a ransom for the decryption key |
Wiper | Malware that destroys data |
Worm | Self-spreading malware |
Spyware | Malicious Software for surveillance |
Trojan | Malware in disguise |
Infostealer | Credential harvesting malware |
Web Shell | Command and script interpreter deployed on a compromised website |
Skimmer | Malicious script that exfiltrates form data from a website |
Cryptomining/Cryptojacking | Malicious cryptocurrency mining program that consumes system resources |
Packer | Malware obfuscation tool |
Payload | Component intended for delivery |
Backdoor | Remote access to an infected system |
Botnet | Network of infected devices |
Loader | Malware delivery system |
Phishing | Malicious email used to deliver malware or harvest credentials |
Phishing Kit | Collection of assets used to launch a phishing campaign |
SMiShing | SMS-based phishing |
Simming/SIM Swapping | When a mobile carrier is tricked into transferring a victim's phone number to an attacker |
Spear-phishing | Highly targeted phishing |
Vishing | Voice-based phishing |
Vulnerability | An error found within a system |
Exploit | Leveraging a vulnerability to gain an advantage |
Exploit Kit | Toolkit that exploits multiple vulnerabilities to push malware |
0day | Unpatched vulnerability |
PrivEsc | Privilege Escalation |
PreAuth | Pre-authentication (reachable without authenticating) |
Patch Gap | Time between a software patch being released and vendors applying it |
Shell | Command and script interpreter deployed on a compromised system |
Enumeration | The process of listing all the attributes of a system |
Cybercrime | Computer aided crime (aka eCrime) |
Clearweb | Websites without a barrier to entry |
Darknet | .onion sites invisible to the clearweb |
Deepweb | Closed parts of the clear web (e.g. group chats, private servers, underground forums) |
Doxxed | When an individual's private information is made public |
Honeypot | A system that mimics a device to attract attackers |
Honeytrap | A threat actor (attractive in appearance) deployed to target personnel |
Social Engineering | Exploiting the human factor in a secure system |
Initial Access Broker | A hacker who sells their initial foothold in a network |
Data Broker | A hacker who sells databases and information |
Proxy | An intermediary connection between the source and the destination (e.g. a VPN or VPS) |
Cyber-espionage | Computer-enabled state intelligence campaigns |
Drive-by Compromise | Unintentional download of malicious code |
Sock Puppet | Fictitious online identity |
Carding/Carders | Fraud using stolen credit cards |
Magecart | Cybercriminals who target online shopping cart systems built with Magento |
Golden Image/VM | Template OS image with preconfigured settings and applications that can be redeployed quickly |
Zero Trust | A security model based on the idea that devices should not be trusted by default |
Tiger Team | A team of specialists assembled to work on a specific goal or to solve a particular problem |
Mixer | A non-custodial service for laundering cryptocurrency by obfuscating transactions |
CoinJoin | A method of obfuscating transactions by mixing the wallet addresses involved |
Chain Hopping | A method to obfuscate cryptocurrency transactions by changing blockchains/cryptocurrencies |