The Threat Actor Profile Guide for CTI Analysts


Threat actor profiles are made for a range of reasons. An example trigger for creating a new profile can include after an incident, e.g., an internal detection or supply chain breach has been observed. Alternatively, CTI research has identified that their organisation(s) or client(s) are likely to be targeted by the threat actor due to a number of factors.

The ‘Threat Actor Profile Guide for CTI Analysts’ was created after multiple Curated Intelligence members requested advice about the topic and their creation. Individuals in our community expressed difficulty and some shared their experiences around the difficulty of making one for their stakeholders.

The Three Page PDF document resource is available in our GitHub here:


This guide offers a templated introduction for CTI analysts getting started with profiling threat actors. Experienced CTI analysts and mature teams will likely have a more refined methodology and even different types of threat actor profiles tailored for a specific stakeholder type.