Diamond Model
Adversary
Any actor utilizing a capability against the victim to achieve a goal.
Capability
Describes the TTPs used in the attack. Every capability has a capacity. The adversary arsenal is the overall capacity of an attacker's capabilities.
Infrastructure
Physical and logical communication structures the attacker uses to deliver a capability, maintain C2, or exfiltrate data.
- Type 1: Belongs to the adversary
- Type 2: Is used by the adversary as a proxy from which the attack is sent
- Other Service Providers: Any service used to reach the goal of an adversary
Victim
The target the adversary exploits. May be a person or a technical system.
Meta Features
Timestamp
- Events are logged with timestamps.
Phase
Events happen as a succession of multiple steps.
Result
Approximate or full goal of the adversary.
Methodology
Malicious activities are categorized to differentiate the methods of attack.
Resources
All supporting elements an event depends on.
- Software
- Hardware
- Funds
- Facilities
- Access
- Knowledge
- Information
Technology and Direction
Connects infrastructure and capabilities.
Socio-Political
An existing relationship between the adversary and the victim.
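The vertices and meta-features above describe one event; the point of the model is to pivot from one event to related ones along a shared vertex and to order a victim's events into the adversary's succession of steps. The following Python is an added example, not part of the original note: the event structure, the pivot and ordering functions (`pivot_on_infrastructure`, `activity_thread`, `link_adversaries`) and every sample event, indicator and actor label are constructed here for illustration and come from neither the note nor the Diamond Model paper.

```python
"""Added example: a minimal Diamond Model event store with the analytic pivots
the model supports.  All names, indicators and events are constructed."""
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum
from typing import Dict, List, Set


class InfraType(Enum):
    TYPE1 = "adversary-owned"     # Type 1: belongs to the adversary
    TYPE2 = "proxy"               # Type 2: third-party host used as a proxy
    SERVICE = "service-provider"  # other service providers


@dataclass(frozen=True)
class Infrastructure:
    indicator: str   # constructed IP/domain used as the pivot key
    kind: InfraType


@dataclass
class Event:
    # Core features: the four vertices of the diamond
    adversary: str
    capability: str  # TTP used in this event
    infrastructure: Infrastructure
    victim: str
    # Meta-features
    timestamp: datetime
    phase: int       # position in the succession of steps
    result: str      # outcome as assessed by the analyst
    methodology: str
    resources: List[str] = field(default_factory=list)


def pivot_on_infrastructure(events: List[Event], indicator: str) -> List[Event]:
    """Return every event that touched the given infrastructure indicator.
    Pivoting across a shared vertex is how one event leads to related ones."""
    return [e for e in events if e.infrastructure.indicator == indicator]


def activity_thread(events: List[Event], victim: str) -> List[Event]:
    """Order one victim's events by phase, then timestamp: the adversary's
    succession of steps against that victim."""
    mine = [e for e in events if e.victim == victim]
    return sorted(mine, key=lambda e: (e.phase, e.timestamp))


def link_adversaries(events: List[Event]) -> Dict[str, Set[str]]:
    """Map each Type 1 indicator to the set of adversary labels seen using it,
    keeping only indicators shared by more than one label.  Type 2 proxies are
    excluded on purpose: a proxy used by many actors links nothing."""
    by_indicator: Dict[str, Set[str]] = {}
    for e in events:
        if e.infrastructure.kind is InfraType.TYPE1:
            by_indicator.setdefault(e.infrastructure.indicator, set()).add(e.adversary)
    return {ind: adv for ind, adv in by_indicator.items() if len(adv) > 1}


# Constructed sample events (documentation IP range and .invalid domains).
SAMPLE_EVENTS = [
    Event("ACTOR-A", "spearphishing attachment",
          Infrastructure("mail.example.invalid", InfraType.SERVICE),
          "victim-corp", datetime(2024, 1, 10, 9, 0), 1, "success", "phishing"),
    Event("ACTOR-A", "C2 beacon",
          Infrastructure("203.0.113.7", InfraType.TYPE1),
          "victim-corp", datetime(2024, 1, 10, 9, 30), 2, "success", "C2",
          ["software", "access"]),
    Event("UNKNOWN-1", "C2 beacon",
          Infrastructure("203.0.113.7", InfraType.TYPE1),
          "other-org", datetime(2024, 2, 3, 14, 0), 2, "unknown", "C2"),
    Event("ACTOR-B", "data exfiltration",
          Infrastructure("proxy.example.invalid", InfraType.TYPE2),
          "victim-corp", datetime(2024, 1, 11, 1, 0), 3, "failure", "exfiltration"),
]

if __name__ == "__main__":
    for e in pivot_on_infrastructure(SAMPLE_EVENTS, "203.0.113.7"):
        print("shared C2:", e.adversary, "->", e.victim)
    for e in activity_thread(SAMPLE_EVENTS, "victim-corp"):
        print("phase", e.phase, e.capability, e.result)
    print("linked labels:", link_adversaries(SAMPLE_EVENTS))
```

Pivoting on the Type 1 indicator surfaces the "UNKNOWN-1" event as a candidate for attribution to ACTOR-A, while the proxy used by ACTOR-B produces no link; the thread for `victim-corp` reads phases 1, 2, 3 in order regardless of the order in which events were recorded.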