As a cybersecurity analyst, you observed a suspicious increase in outbound traffic from one of your organization's servers. Upon investigation, you have identified a pattern of behavior corresponding to exfiltration of data. Using the Diamond Model of Intrusion Analysis, which aspect would you prioritize to understand the context of the adversary's infrastructure and capabilities?
Capability
Victim
Adversary Infrastructure
Adversary's Tools