What is the Diamond Model of Intrusion Analysis?
The Diamond Model of Intrusion Analysis is a model for describing cyber attacks. It has 4 parts: adversary, infrastructure, capability, and target. Together they give analysts a comprehensive view of a cyber attack.
- Adversary: Where are attackers from? Who are the attackers? Who is the sponsor? Why attack? What is the activity timeline and planning?
- Infrastructure: Infected computer(s), C2 domain names, location of C2 servers, C2 server types, mechanism and structure of C2, data management & control, and data leakage paths
- Capability: What skills do the attackers have to do reconnaissance, deliver their attacks, exploit vulnerabilities, deploy their remote-controlled malware and backdoors, and develop their tools?
- Target: What is their target: which country/region, industry sector, individual, or data?
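The four parts above can be recorded per intrusion event and then used to link events that share infrastructure or capability. The following is an added example, not code from TeamT5; the class and function names, the event IDs, and all sample values (reserved example domains, documentation IP addresses, made-up tool labels) are constructed for illustration.

```python
from dataclasses import dataclass, field

VERTICES = ("adversary", "infrastructure", "capability", "target")

@dataclass
class DiamondEvent:
    """One observed intrusion event, described by the four parts of the model."""
    event_id: str
    adversary: set = field(default_factory=set)
    infrastructure: set = field(default_factory=set)
    capability: set = field(default_factory=set)
    target: set = field(default_factory=set)

    def gaps(self):
        """Parts with no observations yet: open questions for the analyst."""
        return [v for v in VERTICES if not getattr(self, v)]

def link_events(events, pivot_on=("infrastructure", "capability")):
    """Group events sharing any value on the pivot parts (union-find).

    Target is not a default pivot: two victims in one sector is weak evidence.
    """
    parent = {e.event_id: e.event_id for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    first_seen = {}  # (part, value) -> id of the first event carrying it
    for e in events:
        for v in pivot_on:
            for value in getattr(e, v):
                owner = first_seen.setdefault((v, value), e.event_id)
                parent[find(e.event_id)] = find(owner)

    clusters = {}
    for e in events:
        clusters.setdefault(find(e.event_id), []).append(e.event_id)
    return sorted(sorted(c) for c in clusters.values())

# Constructed sample events; none of these values come from a real case.
EVENTS = [
    DiamondEvent("E1", infrastructure={"c2.example.com"}, capability={"backdoor-A"}, target={"finance"}),
    DiamondEvent("E2", infrastructure={"192.0.2.10"}, capability={"backdoor-A"}, target={"gaming"}),
    DiamondEvent("E3", infrastructure={"192.0.2.10", "cdn.example.net"}, target={"gaming"}),
    DiamondEvent("E4", infrastructure={"mail.example.org"}, capability={"phish-kit-B"}, target={"retail"}),
]

if __name__ == "__main__":
    print(link_events(EVENTS))                      # linked activity groups
    print({e.event_id: e.gaps() for e in EVENTS})   # unanswered parts per event
```

E1 and E3 share no value directly; they end up in one group because E2 connects them through a shared capability and a shared C2 address.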
Why Does It Matter?
Across different kinds of cyber attacks, the Diamond Model of Intrusion Analysis can help enterprise cybersecurity teams find system breaches and deal with them. By doing so, they can achieve their cybersecurity defense goals.

Learn more about how we help enterprises via cyber threat intelligence: https://teamt5.org/en/products/threatvision/