# Basic Terminology

Before diving in, let's briefly discuss a few terms that you will often hear when dealing with the framework, threat intelligence, etc.

**APT** is an acronym for **Advanced Persistent Threat**. This can be considered a team/group (threat group), or even a country (nation-state group), that engages in long-term attacks against organizations and/or countries. The term 'advanced' can be misleading, as it tends to make us believe that every APT group has some super-weapon, i.e. a zero-day exploit, that it uses. That is not the case. As we will see a bit later, the techniques these APT groups use are quite common and can be detected with the right implementations in place. You can view FireEye's current list of APT groups [here](https://www.fireeye.com/current-threats/apt-groups.html).

**TTP** is an acronym for Tactics, Techniques, and Procedures, but what does each of these terms mean?

* The Tactic is the adversary's goal or objective.
* The Technique is how the adversary achieves the goal or objective.
* The Procedure is how the technique is executed.

**TI** is an acronym for **Threat Intelligence**. Threat Intelligence is an overarching term for all collected information on adversaries and TTPs. You will also commonly hear **CTI** or **Cyber Threat Intelligence**, which is just another way of saying Threat Intelligence.

**IOCs** is an acronym for **Indicators of Compromise**, the indicators for malware and adversary groups. Indicators can include file hashes, IPs, names, etc.
