Unified Kill Chain in Cyber Threat Intelligence

Unified Kill Chain

Attack Phases (Tactics)

The Unified Kill Chain includes 18 phases or tactics, which are the steps a cyberattack may progress through. Any particular attack can skip phases, repeat phases, or go out of order.

  1. Weaponization: set up infrastructure for attack
  2. Delivery: send weaponized object (e.g., malware) to target
  3. Social Engineering: manipulate people to perform unsafe actions
  4. Exploitation: take advantage of a vulnerability on target’s systems (possibly to execute code)
  5. Persistence: maintain access to systems
  6. Defense Evasion: avoid detection and defenses
  7. Command and Control: communicate with compromised systems to control them
  8. Pivoting: use a controlled system to gain access to others
  9. Discovery: gain knowledge about system and network
  10. Privilege Escalation: gain higher-level permissions
  11. Execution: run attacker-controlled code
  12. Credential Access: steal usernames and passwords
  13. Lateral Movement: access and control other systems
  14. Collection: gather data of interest
  15. Exfiltration: steal data from the network
  16. Impact: manipulate, interrupt, or destroy systems or data
  17. Objectives: use social and technical means to achieve a strategic goal

Attack Phase Combinations

The Unified Kill Chain describes 3 ways in which phases are combined to achieve intermediate goals.

  1. Network Propagation: gain additional access within network (Pivoting, Discovery, Privilege Escalation, Execution, Credential Access)
  2. Action on Objectives: achieve goal of attack (Credential Access, Lateral Movement, Collection, Exfiltration, Impact, Objectives)

Unified Kill Chain in CTI

CTI analysts can use the Unified Kill Chain to model attacks and threat actors. If you want to describe the steps of a particular attack, you can put the tactics that were used into an attack-specific kill chain.
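As an added illustration (not from the original article), the sketch below builds an attack-specific kill chain from an incident timeline and reports repeated, unobserved, and out-of-order tactics, plus coverage of the phase combinations. The timeline is constructed sample data, the function names are hypothetical, and the phase and combination lists are copied as they appear on this page.

```python
# Phases and combinations exactly as listed on this page.
PHASES = ["Weaponization", "Delivery", "Social Engineering", "Exploitation",
          "Persistence", "Defense Evasion", "Command and Control", "Pivoting",
          "Discovery", "Privilege Escalation", "Execution", "Credential Access",
          "Lateral Movement", "Collection", "Exfiltration", "Impact", "Objectives"]
COMBINATIONS = {
    "Network Propagation": ["Pivoting", "Discovery", "Privilege Escalation",
                            "Execution", "Credential Access"],
    "Action on Objectives": ["Credential Access", "Lateral Movement", "Collection",
                             "Exfiltration", "Impact", "Objectives"],
}

# Constructed incident timeline: (timestamp, analyst-assigned tactic, observation).
TIMELINE = [
    ("2024-01-08T09:12Z", "Delivery", "phishing email with attachment received"),
    ("2024-01-08T09:20Z", "Social Engineering", "user enabled macros"),
    ("2024-01-08T09:21Z", "Execution", "macro launched script interpreter"),
    ("2024-01-08T09:25Z", "Command and Control", "beacon to external host"),
    ("2024-01-08T10:02Z", "Discovery", "domain enumeration from workstation"),
    ("2024-01-08T10:40Z", "Credential Access", "credential dump on workstation"),
    ("2024-01-08T11:05Z", "Lateral Movement", "remote logon to file server"),
    ("2024-01-08T11:07Z", "Discovery", "share enumeration on file server"),
    ("2024-01-08T12:30Z", "Collection", "archive staged on file server"),
    ("2024-01-08T12:45Z", "Exfiltration", "archive uploaded to external host"),
]

def build_kill_chain(timeline):
    """Return the attack-specific chain: tactics in observed order, repeats kept."""
    chain = []
    for _ts, tactic, _note in sorted(timeline):  # ISO timestamps sort chronologically
        if tactic not in PHASES:
            raise ValueError(f"unknown tactic: {tactic}")
        chain.append(tactic)
    return chain

def summarize(chain):
    """Report repeated, unobserved and out-of-order tactics plus combination coverage."""
    seen = list(dict.fromkeys(chain))  # unique tactics, first-seen order
    repeated = sorted({t for t in chain if chain.count(t) > 1})
    missing = [p for p in PHASES if p not in seen]
    # A tactic is out of order when it follows one listed later in PHASES.
    out_of_order = [b for a, b in zip(chain, chain[1:])
                    if PHASES.index(b) < PHASES.index(a)]
    coverage = {name: [t for t in members if t in seen]
                for name, members in COMBINATIONS.items()}
    return {"repeated": repeated, "not_observed": missing,
            "out_of_order": out_of_order, "coverage": coverage}
```

Tactics reported as not observed are gaps in visibility as much as in attacker activity, so they are a natural starting point for follow-up hunting.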
