An incident responder is investigating an intrusion where the threat actor obtained sensitive data from a segmented portion of the network. To enhance the organization's defense strategy against such tactics in the future, which resource would BEST aid the responder in correlating the adversary's behavior patterns to known threat actor profiles?
The Diamond Model for Intrusion Analysis
NIST's Intrusion Analysis Model
MITRE ATT&CK
ISO/IEC 27035