Pyramid of Pain
Definition
A model proposed by David Bianco that ranks IOC types by the cost to an attacker of changing them when defenders start using that indicator. Hash values are at the base (trivial to change); TTPs are at the apex (costly to change).
Related terms
- Domain generation algorithm (DGA)
  - Code embedded in malware that produces a large set of pseudo-random domain names on a scheduled basis. The malware tries each until...
- Indicator of Compromise (IoC)
  - An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- MISP (Malware Information Sharing Platform)
  - An open-source threat intelligence platform that enables structured sharing of IOCs and threat intelligence using STIX and other formats. Widely deployed by...
- STIX (Structured Threat Information eXpression)
  - An OASIS open standard that defines a JSON-based language for describing cyber threat intelligence. STIX 2.1 defines objects for indicators, threat actors,...
- TAXII (Trusted Automated eXchange of Intelligence Information)
  - The transport protocol companion to STIX. TAXII defines how STIX data is exchanged between servers and clients over HTTPS, enabling automated ingestion...
Explained in
- Indicators of Compromise: Identification and Use
  - A model proposed by David Bianco that ranks IOC types by the cost to an attacker of changing them when defenders start using that indicator. Hash values are at...