Diamond Model Overview Flashcards

1
Q

Diamond Model

A
• A systematic method for analyzing intrusion events in a repeatable way so that threats can be organized, tracked, sorted, and countered.
• A framework by which a SOC team can organize and track APT activity and then use that knowledge to thwart adversaries.
• Core axiom: an adversary uses a capability over infrastructure against a victim. These four core features form the vertices of the diamond, and an analyst pivots from any known vertex to discover the others.
2
Q

Adversary

A

• The entity responsible for conducting an intrusion.

3
Q

Capability

A

• A tool or technique the adversary uses in an event (for example malware, an exploit kit, or a hands-on-keyboard technique).

4
Q

Victim

A

• The target of the adversary: the person or organization attacked (victim persona) and the assets (hosts, networks, accounts) against which the capability is used.

5
Q

Infrastructure

A

• The physical or logical communications nodes the adversary uses to deliver a capability, establish and maintain command and control, and produce results such as data exfiltration.

6
Q

Type 1 Infrastructure

A

• Fully owned or controlled by the adversary.

7
Q

Type 2 Infrastructure

A
• Co-opted by the adversary but owned by a third party, which may or may not know the adversary is using it.
• Obfuscates the true identity of the adversary.
• The adversary gains access to it solely for "hopping" through during an attack.
• To the victim, the attack appears to come from the intermediary "hop," cloaking the adversary's true origin. Because many unrelated actors can share the same co-opted host, a Type 2 node is weaker evidence for attribution than a Type 1 node.
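A worked example of the model as a data structure, added here and not part of the original flashcards. It records each intrusion event with the four core features from the overview card, pivots from a known feature to discover the others, weights attribution proposals by whether the shared infrastructure is Type 1 or Type 2, and orders one adversary's events against one victim into an activity thread. The adversary name "APT-Example", the victim hostnames, the TEST-NET address 203.0.113.10, the domain shared-host.example and the timestamps are all constructed for the example; the capability labels reuse exploit-kit names from this deck purely as labels.

```python
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class InfraType(Enum):
    TYPE1 = "type1"  # owned and controlled by the adversary
    TYPE2 = "type2"  # co-opted third-party infrastructure (a "hop")


@dataclass(frozen=True)
class Infrastructure:
    node: str             # IP address, domain, e-mail address, etc.
    infra_type: InfraType


@dataclass(frozen=True)
class DiamondEvent:
    """One intrusion event: adversary uses a capability over infrastructure against a victim."""
    event_id: str
    adversary: Optional[str]   # None while the event is still unattributed
    capability: str
    infrastructure: Infrastructure
    victim: str
    timestamp: str             # ISO-8601, so string order is time order


# Constructed sample events; names, addresses and times are invented for this example.
C2_TYPE1 = Infrastructure("203.0.113.10", InfraType.TYPE1)
HOP_TYPE2 = Infrastructure("shared-host.example", InfraType.TYPE2)

EVENTS = [
    DiamondEvent("e1", "APT-Example", "Neutrino exploit kit", C2_TYPE1, "finance-ws01", "2024-03-01T10:00:00Z"),
    DiamondEvent("e2", None, "Neutrino exploit kit", C2_TYPE1, "hr-ws07", "2024-03-02T09:30:00Z"),
    DiamondEvent("e3", "APT-Example", "Magnitude exploit kit", HOP_TYPE2, "finance-ws01", "2024-03-03T14:15:00Z"),
    DiamondEvent("e4", None, "Magnitude exploit kit", HOP_TYPE2, "dev-ws03", "2024-03-04T08:05:00Z"),
]


def pivot(events: List[DiamondEvent], feature: str, value: str) -> List[DiamondEvent]:
    """Select events whose feature (adversary, capability, infrastructure, victim) equals value.

    Pivoting from one known feature to the others is the core analytic move of the model:
    a known C2 node yields the victims it touched, a known victim yields the capabilities used.
    """
    matched = []
    for e in events:
        observed = e.infrastructure.node if feature == "infrastructure" else getattr(e, feature)
        if observed == value:
            matched.append(e)
    return matched


def propose_attribution(events: List[DiamondEvent]) -> Dict[str, Tuple[List[str], str]]:
    """For each unattributed event, propose adversaries already seen on the same infrastructure node.

    Confidence is 'high' when the shared node is Type 1 (adversary-owned) and 'low' when it is
    Type 2: a co-opted third-party host may be used by several unrelated actors, so sharing it
    is weak evidence that the same adversary is behind both events.
    """
    adversaries_by_node: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e.adversary is not None:
            adversaries_by_node[e.infrastructure.node].add(e.adversary)

    proposals: Dict[str, Tuple[List[str], str]] = {}
    for e in events:
        if e.adversary is not None:
            continue
        candidates = sorted(adversaries_by_node.get(e.infrastructure.node, set()))
        if not candidates:
            confidence = "none"
        elif e.infrastructure.infra_type is InfraType.TYPE1:
            confidence = "high"
        else:
            confidence = "low"
        proposals[e.event_id] = (candidates, confidence)
    return proposals


def activity_thread(events: List[DiamondEvent], adversary: str, victim: str) -> List[str]:
    """Order one adversary's events against one victim by time: the model's activity thread."""
    thread = [e for e in events if e.adversary == adversary and e.victim == victim]
    return [e.event_id for e in sorted(thread, key=lambda e: e.timestamp)]


if __name__ == "__main__":
    for e in pivot(EVENTS, "infrastructure", "203.0.113.10"):
        print(e.event_id, e.adversary, e.victim)
    print(propose_attribution(EVENTS))
    print(activity_thread(EVENTS, "APT-Example", "finance-ws01"))
```

Pivoting on the Type 1 node 203.0.113.10 links the unattributed event e2 to APT-Example with high confidence, while the same pivot on the Type 2 host shared-host.example only yields a low-confidence proposal for e4; the analyst would look for corroborating overlap in capability or victim before merging those events into one activity thread.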
8
Q

Service providers

A

• Organizations that, wittingly or unwittingly, provide services on which Type 1 and Type 2 infrastructure depends; includes ISPs and domain registrars.

9
Q

Exploit Kits

A
• Sets of tools used to gain access to a targeted host.
• Usually automated and aimed at client-side vulnerabilities (browser and browser-plugin flaws).
• Usually easy to obtain and use.
• Serve as a launching pad to deliver a payload; in Diamond Model terms, an exploit kit is a capability.
10
Q

Neutrino

A

• Targets the Java Runtime Environment; used to drop ransomware on target systems.

11
Q

Magnitude

A

• Commonly used to drop ransomware on target systems.

12
Q

Angler

A

• Very versatile; utilizes a robust toolkit of exploits.

13
Q

Nuclear

A

• Largely targets Adobe Flash vulnerabilities; known for evading antivirus detection.
