
Table 1 TTPs categories and TTPs description text examples

From: TIM: threat context-enhanced TTP intelligence mining on unstructured threat data

| TTPs | Description example |
| --- | --- |
| Phishing | Dragonfly has used spearphishing campaigns to gain access to victims. |
| Scheduled Task/Job | Remsec schedules the execution of one of its modules by creating a new scheduler task. |
| Obfuscated Files or Information | Agent Tesla has had its code obfuscated in an apparent attempt to make analysis difficult. |
| Deobfuscate/Decode Files or Information | Carbon decrypts task and configuration files for execution. |
| Collection* | The jar file contains various classes for platform-specific implementations for capturing screenshots, capturing audio, logging keystrokes, among others. |
| Application Layer Protocol | Carbon can use HTTPs in C2 communications. |