We proposed a classification scheme for organizing and categorizing existing research works on the basis of the purposes of CTI knowledge acquisition, and we highlighted the methodology adopted by the existing studies. In accordance with the proposed classification scheme, we thoroughly review and discuss current works, including cybersecurity related entities and events, cyber attack tactics, techniques and procedures, profiles of hackers, indicators of compromise, vulnerability exploits and malware implementation, and threat hunting. Furthermore, we discussed current challenges and promising future research directions. Over the past several decades, there has been tremendous interest in CTI mining, specifically for proactive cybersecurity defense. Many people have come to the attention that an enormous number of new techniques and models are developed every year.