/CTI-Lexicon

Dictionary of CTI-related acronyms, terms, and jargon

CTI Lexicon

  • Welcome to the CTI Lexicon, your guide to some of the jargon and acronyms liberally used in CTI. You will sometimes find these peppered in reports with no explanation offered or in the Tweets by professionals from Infosec Twitter™.

General Cyber Threat Intelligence Terms

| ACRONYM | DESCRIPTION |
| --- | --- |
| CTI | Cyber Threat Intelligence |
| TIP | Threat Intelligence Portal |
| IOCs | Indicators of Compromise |
| IOAs | Indicators of Attack |
| HBI | Host-based Indicator |
| NBI | Network-based Indicator |
| TLP | Traffic Light Protocol |
| TTP | Tactics, Techniques, and Procedures |
| TA | Threat Actor |
| APT | Advanced Persistent Threat |
| CNOs | Computer Network Operations |
| CNAs | Computer Network Attacks |
| CNE | Computer Network Exploitation |
| BGH | Big Game Hunting |
| HOR | Human-Operated Ransomware |
| HOK | Hands-on-Keyboard |
| DEATH | Detection Engineering And Threat Hunting |
| STIX | Structured Threat Information Expression |
| TAXII | Trusted Automated Exchange of Indicator Information |
| MAR | Malware Analysis Report |

General Intelligence Terms

| ACRONYM | DESCRIPTION |
| --- | --- |
| CARVER | Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability |
| BLUF | Bottom Line Up Front |
| FINTEL | Finished Intelligence |
| ACH (1) | Analysis of Competing Hypotheses |
| I/Os | Influence Operations |
| PSYOPS | Psychological Operations |
| ISR | Intelligence, Surveillance, and Reconnaissance |
| AKA | Also Known As |
| RFI | Request For Information/Intelligence |
| SOP | Standard Operating Procedure |
| ICP | Intelligence Collection Plan |
| PIR | Priority Intelligence Requirements |
| GIR | General Intelligence Requirements |
| KIQ | Key Intelligence Questions |
| OSINT | Open Source Intelligence |
| HUMINT | Human Intelligence |
| SIGINT | Signals Intelligence |
| SOCMINT | Social Media Intelligence |
| GEOINT | Geopolitical Intelligence |
| MASINT | Measurements Intelligence |
| FININT | Financial Intelligence |
| CRIMINT | Criminal Intelligence |
| OPSEC | Operational Security |
| SATs | Structured Analytic Techniques |
| AOO | Action on Objectives |
| COA | Courses of Action |
| FOUO | For Official Use Only |
| ORCON | Originator Control |
| NOFORN | No Foreign Nationals |
| SC/eSC | Security Check / Enhanced Security Check |
| DV/eDV | Developed Vetting / Enhanced Developed Vetting |
| SCIF | Sensitive Compartmentalised Information Facility |
| CHSI | Confidential Human Source Information |
| OPE | Operational Preparation of the Environment |
| CONOPS | Concept of Operations |

Geopolitical and Public Sector

| ACRONYM | DESCRIPTION |
| --- | --- |
| MENA | Middle East and Northern Africa |
| EMEA | Europe, Middle East, and Africa |
| APAC | Asia-Pacific |
| ASEAN | Association of Southeast Asian Nations |
| LATAM | Latin America |
| BRICS | Brazil, Russia, India, China and South Africa |
| CIS | Commonwealth of Independent States |
| NATO | North Atlantic Treaty Organisation |
| FVEY | Five Eyes Intelligence Alliance - US, UK, Australia, Canada, New Zealand |
| GRU | Main Intelligence Directorate of the Russian Federation |
| SVR | Foreign Intelligence Service of the Russian Federation |
| FSB | Russian Federal Security Service |
| MSS | Chinese Ministry of State Security |
| PLA | Chinese People's Liberation Army |
| IRGC | Islamic Revolutionary Guard Corps of Iran |
| RGB | North Korean Reconnaissance General Bureau |
| NSA TAO | National Security Agency Tailored Access Operations |
| NSA SID | National Security Agency Signals Intelligence Directorate |
| NSC | National Security Council |
| DNI | Director of National Intelligence |
| CIA | Central Intelligence Agency |
| CYBERCOM | United States Cyber Command |
| DOJ | US Department of Justice |
| DHS | US Department of Homeland Security |
| CISA | Cybersecurity and Infrastructure Security Agency |
| ENISA | European Union Agency for Cybersecurity |
| NCSC | UK National Cyber Security Centre |
| GCHQ | UK Government Communications Headquarters |
| JFCyG | Joint Forces Cyber Group |
| NCF | National Cyber Force |
| CCCS | Canadian Centre for Cyber Security |
| CSIS | Canadian Security Intelligence Service |
| ACSC | Australian Cyber Security Centre |
| ASD | Australian Signals Directorate |
| BND | Federal Intelligence Service of Germany |
| AIVD | General Intelligence and Security Service of the Netherlands |
| ISI | Inter-Services Intelligence of Pakistan |
| IB | Intelligence Bureau of India |
| R&AW | Research & Analysis Wing, India's foreign intelligence agency |
| GIP | General Intelligence Presidency of Saudi Arabia |
| SIA | Signals Intelligence Agency of the UAE |
| DGSE | Directorate-General for External Security of France |
| ANSSI | French National Cybersecurity Agency |
| NIS | National Intelligence Service of South Korea |
| IDF | Israel Defense Forces |
| INCD | Israeli National Cyber Directorate |
| JSDF | Japan Self-Defense Forces |
| OIC | Organisation of Islamic Cooperation |
| BRI | The Chinese Belt and Road Initiative |
| GCC | Gulf Cooperation Council |
| QRF | Quick Reaction Force |
| CBRN | Chemical, Biological, Radiological, Nuclear |
| DSTL | The UK Defence Science and Technology Laboratory |
| CNI | Critical National Infrastructure |
| CIKR | Critical Infrastructure and Key Resources |

Law Enforcement & Counterterrorism Terms

| ACRONYM | DESCRIPTION |
| --- | --- |
| CTSFO | Counter Terrorist Specialist Firearms Officer |
| LEA | Law Enforcement Agency |
| FBI | US Federal Bureau of Investigation |
| NCA | UK National Crime Agency |
| MLAT | Mutual Legal Assistance Treaty |
| CLOUDA | Clarifying Lawful Overseas Use of Data Act |
| FTO | Foreign Terrorist Organisation |
| HVE | Home-grown Violent Extremist |
| DVE | Domestic Violent Extremist |
| ULO | Unaffiliated Violent Extremist |
| ERWT | Extremist Right Wing Terrorist |
| LASIT | Left-Wing, Anarchist and Single-Issue Terrorism |
| MCI | Mass Casualty Incident |
| UAS | Unmanned Aircraft System |
| UAV | Unmanned Aerial Vehicle |

Technical

| ACRONYM | DESCRIPTION |
| --- | --- |
| BEC | Business Email Compromise |
| CVE | Common Vulnerabilities and Exploits |
| CWE | Common Weaknesses Enumeration |
| IoT | Internet of Things |
| TOR | The Onion Router |
| RAT | Remote Access Trojan |
| C&C | Command and Control Server (aka C2 or CnC) |
| RaaS | Ransomware as a Service |
| MaaS | Malware as a Service |
| DaaS | Downloader as a Service |
| AaaS | Access as a Service |
| IaC | Infrastructure as Code |
| SaaS | Software as a Service |
| PaaS | Platform as a Service |
| DDoS | Distributed Denial of Service |
| RCE | Remote Code Execution |
| PoC | Proof of Concept |
| LOLBin | Living off the Land Binary |
| LOLBAS | Living off the Land Binary and Scripts |
| VM | Virtual Machine |
| VDI | Virtual Desktop Infrastructure |
| ESXi | Enterprise hypervisor developed by VMware |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server |
| RDP | Remote Desktop Protocol (Port 3389) |
| SMB | Server Message Block (Port 139 or 445) |
| XSS | Cross-site Scripting |
| CSRF | Cross-site Request Forgery |
| SSRF | Server-side Request Forgery |
| XXE | XML External Entity |
| SQLi | SQL ("Sequel") Injection |
| FUD (1) | Fear, Uncertainty, Doubt |
| FUD (2) | Fully Undetected |
| TCP/IP | Transmission Control Protocol / Internet Protocol |
| TLS | Transport Layer Security |
| SSL | Secure Socket Layer |
| SSH | Secure Shell Protocol |
| 2FA | Two-factor authentication |
| MFA | Multi-factor authentication |
| OTP | One-Time Passcode |
| API | Application Programming Interface |
| CDN | Content Delivery Network |
| EDN | Email Distribution Network |
| MitM | Man in the Middle |
| MitB | Man in the Browser |
| MBR | Master Boot Record |
| MFT | Master File Table |
| AD | Active Directory |
| AAD | Azure Active Directory |
| DC | Domain Controller |
| NTFS | New Technology File System |
| NRD | Newly Registered Domain |
| JS | JavaScript |
| VBS | Visual Basic Script |
| VBA | Visual Basic for Applications |
| GPO | Group Policy Object |
| OS | Operating System |
| SSD | Solid State Drive |
| HDD | Hard Disk Drive |
| FQDN | Fully Qualified Domain Name |
| CIDR | Classless Inter-Domain Routing |
| BGP | Border Gateway Protocol |
| CMDB | Configuration Management Database |
| MX | Mail Exchange |
| IX | Internet Exchange |
| FP | False Positive |
| TP | True Positive |
| FN | False Negative |
| TN | True Negative |
| RCA | Root Cause Analysis |
| OCR | Optical Character Recognition |
| DPI | Deep Packet Inspection |
| DNS | Domain Name System |
| DOH | DNS over HTTPS |

Infosec Industry Terms

| ACRONYM | DESCRIPTION |
| --- | --- |
| MSM | Mainstream Media |
| SOC | Security Operations Centre |
| CERT | Computer Emergency Response Team |
| TVM | Threat and Vulnerability Management |
| ISAC | Information Sharing and Analysis Center |
| ISAO | Information Sharing and Analysis Organization |
| PSIRT | Product Security Incident Response Team |
| CSIRT | Computer Security Incident Response Team |
| PII | Personally Identifiable Information |
| ISP | Internet Service Provider |
| MSP | Managed Service Provider |
| MSSP | Managed Security Service Provider |
| VDP | Vulnerability Disclosure Program |
| IR | Incident Response |
| DFIR | Digital Forensics and Incident Response |
| EDR | Endpoint Detection and Response |
| AV | Antivirus |
| FW | Firewall |
| DRP | Disaster Recovery Plan |
| BCP | Business Continuity Plan |
| ICS | Industrial Control System |
| SCADA | Supervisory Control and Data Acquisition |
| OT | Operational Technology |
| PLC | Programmable Logic Controller |
| HMI | Human Machine Interface |
| DCS | Distributed Control System |
| SIS | Safety Instrumented Systems |
| BMS | Building Management System |
| DCIM | Data Center and Infrastructure Management |
| SIEM | Security Information and Event Management |
| SOAR | Security Orchestration, Automation, and Response |
| XDR | Extended Detection and Response |
| UEBA | User Entity Behaviour Analytics |
| ML | Machine Learning |
| AI | Artificial Intelligence |
| ROI | Return on Investment |
| FMCG | Fast Moving Consumer Goods |
| NPP | Nuclear Power Plant |
| O&G | Oil and Gas (also ONG) |
| UTM | Unified Threat Management |
| GDPR | General Data Protection Regulation |
| CCPA | California Consumer Privacy Act |
| CMA | Computer Misuse Act |
| CFAA | Computer Fraud and Abuse Act |
| MLAT | Mutual Legal Assistance Treaty |
| CLOUDA | Clarifying Lawful Overseas Use of Data Act |
| IP | Intellectual Property |
| FOIA | Freedom of Information Act |
| TTX | Table Top Exercise |
| HIBP | Have I Been Pwned |
| WP | WordPress |
| AWS | Amazon Web Services |
| GCP | Google Cloud Platform |
| OCI | Oracle Cloud Infrastructure |
| MDE | Microsoft Defender for Endpoint |
| SME (1) | Small Medium Enterprise |
| SME (2) | Subject Matter Expert |
| PSOA | Private Sector Offensive Actor |
| FIDO | Fast Identity (ID) Online |
| PKI | Public Key Infrastructure |
| OKR | Objectives and Key Results |
| SMART | Specific, Measurable, Assignable, Realistic and Time-related |
| SLA | Service-level Agreement |
| IRP | Incident Response Plan |
| GRC | Governance Risk and Compliance |
| IAM | Identity and Access Management |
| MDR | Managed Detection and Response |
| ATO | Account Take Over |
| HSM | Hardware Security Module |
| MNO | Mobile Network Operator |
| UAT | User Acceptance Testing |
| MUA | Mail User Agent |
| MTA | Message Transfer Agent |
| MDA | Message Delivery Agent |
| VX | Virus Exchange |

Financial Crimes

| TERM | DESCRIPTION |
| --- | --- |
| BTC | Bitcoin |
| ETH | Ethereum |
| XMR | Monero |
| DeFi | Decentralised Finance |
| DEX | Decentralized Exchange |
| CEX | Centralized Exchange |
| P2PE | Peer-to-peer Exchange |
| VAs | Virtual Assets |
| VASPs | Virtual Asset Service Providers |
| KYC | Know Your Customer |
| CDD | Customer Due Diligence |
| PoS | Point of Sale |
| OFAC | Office of Foreign Assets Control (US) |
| FINCEN | Financial Crimes Enforcement Network (US) |
| FCA | Financial Conduct Authority (UK) |
| SAR | Suspicious Activity Report |
| STR | Suspicious Transaction Report |
| ML | Money Laundering |
| TF | Terrorist Financing |
| AML | Anti-Money Laundering |
| CFT | Combating the Financing of Terrorism |
| FATF | Financial Action Task Force |
| SWIFT | Society for Worldwide Interbank Financial Telecommunication |
| ACH (2) | Automated Clearing House |
| FIU | Financial Intelligence Unit |
| PRF | Payment Redirection Fraud |
| PCI DSS | Payment Card Industry Data Security Standard |
| SVC | Stored Value Card |

CTI, Technical, and Intelligence Jargon

| TERM | DESCRIPTION |
| --- | --- |
| Counter Intelligence | Learning what the opposition knows |
| State-sponsored | Supported financially or authorised by a sovereign state |
| NatSec | National Security |
| Malware | Malicious Software |
| Ransomware | Malware that encrypts files and demands a ransom for the decryption key |
| Wiper | Malware that destroys data |
| Worm | Self-spreading malware |
| Spyware | Malicious software for surveillance |
| Trojan | Malware in disguise |
| Infostealer | Credential-harvesting malware |
| Web Shell | Command and script interpreter deployed on a compromised website |
| Skimmer | Malicious script that exfiltrates form data from a website |
| Cryptomining/Cryptojacking | Malicious cryptocurrency mining program that consumes system resources |
| Packer | Malware obfuscation tool |
| Payload | Component intended for delivery |
| Backdoor | Remote access via an infected system |
| Botnet | Network of infected devices |
| Loader | Malware delivery system |
| Phishing | Malicious email used to push malware or harvest credentials |
| Phishing Kit | Collection of assets used to launch a phishing campaign |
| SMiShing | SMS-based phishing |
| Simming/SIM Swapping | When a mobile carrier is tricked into transferring a victim's phone number to an attacker |
| Spear-phishing | Highly targeted phishing |
| Vishing | Voice-based phishing |
| Vulnerability | An error found within a system |
| Exploit | Leveraging a vulnerability to gain an advantage |
| Exploit Kit | Toolkit that exploits multiple vulnerabilities to push malware |
| 0day | Unpatched vulnerability |
| PrivEsc | Privilege Escalation |
| PreAuth | Pre-authentication (access without authorisation) |
| Patch Gap | Time between a software patch being released and vendors applying it |
| Shell | Command and script interpreter deployed on a compromised system |
| Enumeration | The process of listing all the attributes of a system |
| Cybercrime | Computer-aided crime (aka eCrime) |
| Clearweb | Websites without a barrier to entry |
| Darknet | .onion sites invisible to the clearweb |
| Deepweb | Closed parts of the clearweb (e.g. group chats, private servers, underground forums) |
| Doxxed | When an individual's private information is made public |
| Honeypot | A system that mimics a device to attract attackers |
| Honeytrap | A threat actor (attractive in appearance) deployed to target personnel |
| Social Engineering | Exploiting the human factor in a secure system |
| Initial Access Broker | A hacker who sells their initial foothold in a network |
| Data Broker | A hacker who sells databases and information |
| Proxy | A separate internet connection between the destination and the source (aka VPN, VPS) |
| Cyber-espionage | Computer-enabled state intelligence campaigns |
| Drive-by Compromise | Unintentional download of malicious code |
| Sock Puppet | Fictitious online identity |
| Carding/Carders | Fraud using stolen credit cards |
| Magecart | Cybercriminals who target online shopping cart systems built with Magento |
| Golden Image/VM | Templates of OS images with preconfigured settings and applications that can be redeployed quickly |
| Zero Trust | A security model based on the idea that devices should not be trusted by default |
| Tiger Team | A team of specialists assembled to work on a specific goal or to solve a particular problem |
| Mixer | A non-custodial service for laundering cryptocurrency by obfuscating transactions |
| CoinJoin | A method to obfuscate transactions by obfuscating wallet addresses |
| Chain Hopping | A method to obfuscate cryptocurrency transactions by changing blockchains/cryptocurrencies |