The term Tactics, Techniques, and Procedures (TTP) describes an approach to analyzing an APT's operation, and it can also be used as a means of profiling a particular threat actor. Tactics outline the way an adversary chooses to carry out an attack from beginning to end. Techniques describe the technological approach the attacker uses to achieve intermediate results during the campaign. Lastly, Procedures define the organizational approach of the attack as used by the threat actor.
To understand and fight the enemy, one has to understand the Tactics, Techniques, and Procedures (TTP) the attacker uses. Knowing an adversary's Tactics can help in predicting upcoming attacks and detecting them in their early stages. Understanding the Techniques used during the campaign makes it possible to identify the organization's blind spots and implement countermeasures in advance. Finally, analyzing the Procedures used by the adversary can help in understanding what the adversary is looking for within the target's infrastructure.
The TTPs described in this research are meant to show the complexity of the life-cycle rather than provide an exhaustive list. Additionally, it is shown that attackers can use readily available tools to perform certain stages of the attack, and can thus focus on the tactical part rather than on developing tools.