As a cybersecurity analyst, you observed a suspicious increase in outbound traffic from one of your organization's servers. Upon investigation, you have identified a pattern of behavior corresponding to exfiltration of data. Using the Diamond Model of Intrusion Analysis, which aspect would you prioritize to understand the context of the adversary's infrastructure and capabilities?
Victim
Adversary's Tools
Adversary Infrastructure
Capability