diff --git a/README.md b/README.md
index 8740427..1aed8d6 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,7 @@ The following taxonomies are described:
 - [NATO Classification Marking](./nato)
 - [Open Threat Taxonomy v1.1 (SANS)](./open_threat)
 - [OSINT Open Source Intelligence - Classification](./osint)
+- [STIX-TTP](./stix-ttp) - Represents the behavior or modus operandi of cyber adversaries as normalized in STIX
 - [Stealth Malware Taxonomy as defined by Joanna Rutkowska](./stealth-malware)
 - [The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.](./PAP)
 - [Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer.](./targeted-threat-index)
@@ -124,6 +125,10 @@ Marking of Classified and Unclassified materials as described by the North Atlan
 
 Open Threat Taxonomy v1.1 base on James Tarala of SANS [ref](http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf).
 
+### [STIX-TTP](./stix-ttp)
+
+STIX-TTP exposes a set classification tools that represents the behavior or modus operandi of cyber adversaries as normalized in STIX. TTPs consist of the specific adversary behavior (attack patterns, malware, exploits) exhibited, resources leveraged (tools, infrastructure, personas), information on the victims targeted (who, what or where), relevant ExploitTargets being targeted, intended effects, relevant kill chain phases, handling guidance, source of the TTP information, etc.
+
 ### [Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer.](./targeted-threat-index)
 
 The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman. [More info about TTI](https://citizenlab.org/2013/10/targeted-threat-index/).
diff --git a/stix-ttp/machinetag.json b/stix-ttp/machinetag.json
new file mode 100644
index 0000000..26fc525
--- /dev/null
+++ b/stix-ttp/machinetag.json
@@ -0,0 +1,115 @@
+{
+    "namespace": "stix-ttp",    
+    "expanded": "STIX TTP",
+    "version": 1,
+    "description": "TTPs are representations of the behavior or modus operandi of cyber adversaries.",
+    "refs": [
+	"http://stixproject.github.io/documentation/idioms/industry-sector/"
+    ],
+    "predicates": [
+	{
+	    "value": "victim-targeting",
+	    "expanded": "Victim Targeting"
+	}
+    ],
+    "values": [
+	{
+	    "predicate": "victim-targeting",
+	    "entry": [
+		{
+		    "value": "business-professional-sector",
+		    "expanded": "Business & Professional Services Sector"
+		},
+		{
+		    "value": "retail-sector",
+		    "expanded": "Retail Sector"
+		},
+		{
+		    "value": "financial-sector",
+		    "expanded": "Financial Services Sector"
+		},
+		{
+		    "value": "media-entertainment-sector",
+		    "expanded": "Media & Entertainment Sector"
+		},
+		{
+		    "value": "construction-engineering-sector",
+		    "expanded": "Construction & Engineering Sector"
+		},
+		{
+		    "value": "government-international-organizations-sector",
+		    "expanded": "Goverment & International Organizations"
+		},
+		{
+		    "value": "legal-sector",
+		    "expanded": "Legal Services"
+		},
+		{
+		    "value": "hightech-it-sector",
+		    "expanded": "High-Tech & IT Sector"
+		},
+		{
+		    "value": "healthcare-sector",
+		    "expanded": "Healthcare Sector"
+		},
+		{
+		    "value": "transportation-sector",
+		    "expanded": "Transportation Sector"
+		},
+		{
+		    "value": "aerospace-defence-sector",
+		    "expanded": "Aerospace & Defense Sector"
+		},
+		{
+		    "value": "energy-sector",
+		    "expanded": "Energy Sector"
+		},
+		{
+		    "value": "food-sector",
+		    "expanded": "Food Sector"
+		},
+		{
+		    "value": "natural-resources-sector",
+		    "expanded": "Natural Resources Sector"
+		},
+		{
+		    "value": "other-sector",
+		    "expanded": "Other Sector"
+		},
+
+		{
+		    "value": "corporate-employee-information",
+		    "expanded": "Corporate Employee Information"
+		},
+		{
+		    "value": "customer-pii",
+		    "expanded": "Customer PII"
+		},
+		{
+		    "value": "email-lists-archives",
+		    "expanded": "Email Lists/Archives"
+		},
+		{
+		    "value": "financial-data",
+		    "expanded": "Financial Data"
+		},
+		{
+		    "value": "intellectual-property",
+		    "expanded": "Intellectual Property"
+		},
+		{
+		    "value": "mobile-phone-contacts",
+		    "expanded": "Mobile Phone Contacts"
+		},
+		{
+		    "value": "user-credentials",
+		    "expanded": "User Credentials"
+		},
+		{
+		    "value": "authentification-cookies",
+		    "expanded": "Authentication Cookies"
+		}		
+	    ]
+	}
+    ]
+}