We analyzed typical attack events and carded the processes of threat effect based on these attack events. We completed the restoration from tactics to technology according to ATT&CK framework, and replayed the effect transmission by the methods by our study, respectively.

We expressed the processes of these events as tactical diagrams and process sequence diagrams, and further implemented characterization and statistics of event elements based on these diagrams.

Each Threat Event Folder:

1.The "Support Research or Report" contains the supporting resource of papers and researches during the analysis of the event.

2.Our Group analysis the technics and tactics in the event and sign them on the ATT&CK Framework, attackers' actions can be obtained through this dragram.

3.We analyzed the attack process, the transmission method of threats between assets, the impact on assets, and the state changes brought to them. This can be obtained from the threat transmission diagrams.

4.We have developed a threat transmission characterization software to build a knowledge base for attack process description. The json file is used to configure the parameters of the threat transmission process corresponding to the attack event. We are going to release web version that can be edited online, support the import of json files and database files, and display the specific status information of assets in the threat transmission process. 

Thank you for visiting the SoS Threat Model Website!