MITRE actually maintains a page describing the differences between the two and another page defining "tactics", "techniques", and "procedures". The rest of this answer is a series of direct quotes from the first page since this appears to be the primary focus of your question. I've avoided putting it all in block quotes to make it more readable with our formatting options.
CAPEC is focused on application security and describes the common attributes and techniques employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. (e.g., SQL Injection, XSS, Session Fixation, Clickjacking)
- Focus on application security
- Enumerates exploits against vulnerable systems
- Includes social engineering / supply chain
- Associated with Common Weakness Enumeration (CWE)
ATT&CK is focused on network defense and describes the operational phases in an adversary’s lifecycle, pre and post-exploit (e.g., Persistence, Lateral Movement, Exfiltration), and details the specific tactics, techniques, and procedures (TTPs) that advanced persistent threats (APT) use to execute their objectives while targeting, compromising, and operating inside a network.
- Focus on network defense
- Based on threat intelligence and red team research
- Provides contextual understanding of malicious behavior
- Supports testing and analysis of defense options
How they are related ...
Many attack patterns enumerated by CAPEC are employed by adversaries through specific techniques described by ATT&CK. This enables contextual understanding of the attack patterns within an adversary’s operational lifecycle. CAPEC attack patterns and related ATT&CK techniques are cross referenced when appropriate between the two efforts.
Use CAPEC for:
- Application threat modeling
- Developer training and education
- Penetration testing
Use ATT&CK for:
- Comparing computer network defense capabilities
- Defending against the Advanced Persistent Threat
- Hunting for new threats
- Enhancing threat intelligence
- Adversary emulation exercises
