AI-Based Construction of APT Hacker Family Attack Intelligence Topology and Risk Assessment Framework: A Case Study of Active Directory Server Attacks
Abstract
Current Advanced Persistent Threat (APT) intelligence is predominantly presented in unstructured text, making it difficult to correlate effectively with vulnerability information. As a result, risk assessments lack scientific models that integrate attack characteristics, attacker groups, and actual exploitation behaviors. This study proposes an APT attack intelligence analysis framework that combines topology theory and Artificial Intelligence (AI). Using Active Directory (AD) attacks as a case study, we collected five years of cyber threat intelligence relevant to Taiwan's cybersecurity defense ecosystem. We constructed topological graphs and applied PageRank, TrustRank, and RST to quantitatively assess risk. Additionally, LoRA fine-tuning of LLaMA 3.1 was used to predict CVSS metrics. The results demonstrate that this approach effectively identifies behavioral characteristics of APT families and constructs dynamic risk scores, thereby improving the accuracy of remediation decision-making.
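To make the graph-scoring idea in the abstract concrete, the following is an added illustration, not code or data from the paper: a small constructed intelligence topology (attacker group uses technique, technique exploits weakness) is scored with PageRank and with a seeded, TrustRank-style personalized variant, and the resulting topology weight is combined with a CVSS base score into a risk value. Group names, technique nodes, CVE identifiers and CVSS values are all placeholders invented for the example; the edge structure, damping factor and the way dangling nodes are handled are assumptions of this example and not the authors' method.

```python
"""Toy APT-intelligence topology scored with PageRank / TrustRank.

Constructed example: graph, names, CVE ids and CVSS values below are made up
for illustration and are not data or code from the paper.
"""
from typing import Dict, Iterable, List, Optional, Tuple

Edge = Tuple[str, str]

# Constructed intelligence graph: group --uses--> technique --exploits--> weakness.
# CVE ids are placeholders, not real identifiers.
CONSTRUCTED_EDGES: List[Edge] = [
    ("APT-A", "Kerberoasting"), ("APT-A", "DCSync"),
    ("APT-B", "Kerberoasting"), ("APT-B", "DCSync"), ("APT-B", "Pass-the-Hash"),
    ("APT-C", "Kerberoasting"),
    ("Kerberoasting", "CVE-PLACEHOLDER-1"),
    ("DCSync", "CVE-PLACEHOLDER-1"),
    ("Pass-the-Hash", "CVE-PLACEHOLDER-2"),
]

# Constructed CVSS base scores (assumed values, not from the paper).
CONSTRUCTED_CVSS: Dict[str, float] = {
    "CVE-PLACEHOLDER-1": 7.5,
    "CVE-PLACEHOLDER-2": 9.8,
}


def build_graph(edges: Iterable[Edge]) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return the sorted node list and an adjacency map (node -> out-neighbours)."""
    edges = list(edges)
    nodes = sorted({n for e in edges for n in e})
    out: Dict[str, List[str]] = {n: [] for n in nodes}
    for src, dst in edges:
        out[src].append(dst)
    return nodes, out


def rank(edges: Iterable[Edge], damping: float = 0.85,
         seeds: Optional[Iterable[str]] = None,
         iters: int = 100, tol: float = 1e-12) -> Dict[str, float]:
    """Power-iteration PageRank; with `seeds`, a TrustRank-style variant where
    random jumps (and mass from dangling nodes) go only to the seed set."""
    nodes, out = build_graph(edges)
    n = len(nodes)
    if seeds is None:
        teleport = {v: 1.0 / n for v in nodes}          # classic PageRank
    else:
        seed_set = set(seeds)
        unknown = seed_set - set(nodes)
        if unknown:
            raise ValueError(f"seed nodes not in graph: {sorted(unknown)}")
        teleport = {v: (1.0 / len(seed_set) if v in seed_set else 0.0) for v in nodes}
    score = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        # Mass sitting on dangling nodes (no out-edges) is redistributed via teleport.
        dangling = sum(score[v] for v in nodes if not out[v])
        new = {v: (1.0 - damping) * teleport[v] + damping * dangling * teleport[v]
               for v in nodes}
        for v in nodes:
            if out[v]:
                share = damping * score[v] / len(out[v])
                for w in out[v]:
                    new[w] += share
        delta = sum(abs(new[v] - score[v]) for v in nodes)
        score = new
        if delta < tol:
            break
    return score


def risk_scores(scores: Dict[str, float], cvss: Dict[str, float]) -> Dict[str, float]:
    """Topology weight x normalised severity. A weakness that several active
    groups' techniques converge on can outrank an isolated one with a higher CVSS."""
    return {cve: scores[cve] * (base / 10.0) for cve, base in cvss.items()}


if __name__ == "__main__":
    pr = rank(CONSTRUCTED_EDGES)
    for node, s in sorted(pr.items(), key=lambda kv: -kv[1]):
        print(f"{node:22s} {s:.4f}")
    print("risk:", risk_scores(pr, CONSTRUCTED_CVSS))
    # Seeding only on one confirmed-active group reweights the whole topology.
    print("seeded:", rank(CONSTRUCTED_EDGES, seeds={"APT-C"}))
```

In the unseeded run the technique used by all three groups scores highest, and CVE-PLACEHOLDER-1 keeps the higher risk value despite its lower constructed CVSS, because more of the topology flows into it; seeding the jump vector on a single group drives the scores of techniques that group does not use to zero, which is the lever the TrustRank variant provides.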
Jen-Fu Wang, Pin-Han Chen, Ssu-Yu Chen, Shu-Ching Lu, Jui-Ting Hsu, Pin-Chia Chen, Te-En We, "AI-Based Construction of APT Hacker Family Attack Intelligence Topology and Risk Assessment Framework: A Case Study of Active Directory Server Attacks," Communications of the CCISA, vol. 31, no. 3, pp. 1-19, Aug. 2025.
Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCISA Editorial Office
E-mail: ccisa.editor@gmail.com