Internal detection: When an organization independently discovers it has been compromised.

External detection: When an outside entity informs an organization it has been compromised.

Dwell time: The number of days an attacker is present in a victim environment before they are detected.

Malware family: A program or set of associated programs with sufficient code overlap.

Malware category: A malware family’s primary purpose.

OS effectiveness of a malware family: The operating system(s) that the malware can be used against.

Hop points: Compromised systems used to camouflage the attacker’s IP address without the knowledge of the systems’ owners. These systems belong to third-party victims who are compromised for access to infrastructure.