The Unified Kill Chain
The Unified Kill Chain merges and extends the Cyber Kill Chain® and MITRE ATT&CK®. It was developed by Paul Pols in his master's thesis, Modeling Fancy Bear Attacks: Unifying the Cyber Kill Chain.
The white paper is available here:
The Unified Kill Chain splits the attack life cycle into three main stages: Initial Foothold, Network Propagation, and Action on Objectives. Let's look at each stage separately.
Initial Foothold
The first stage describes the steps performed by threat actors to gain access to the target system or network.
Figure 12.1 – The steps of the Initial Foothold stage
The life cycle starts with researching the target (Reconnaissance). Then, ransomware affiliates need to prepare the infrastructure: malware (including ransomware) and other weaponized objects, as well as C2 infrastructure, and so on (Weaponization...