MITRE Shield will be retired on October 18th in favor of MITRE Engage. To learn more, click here.


Determine the interests, capabilities, or behaviors of an adversary.

Test is used to determine an adversary's interests, capabilities, behaviors, motivations, etc. This may include things like providing systems to see if an adversary engages or providing content to see if the adversary inspects or exfiltrates it. You can also test an adversary by making a tasks more difficult to perform and see if they have the capabilities to accomplish it.

ID: DTA0008


DTE0001 - Admin Access Modify a user's administrative privileges.
DTE0003 - API Monitoring Monitor local APIs that might be used by adversary tools and activity.
DTE0004 - Application Diversity Present the adversary with a variety of installed applications and services.
DTE0005 - Backup and Recovery Make copies of key system software, configuration, and data to enable rapid system restoration.
DTE0010 - Decoy Account Create an account that is used for active defense purposes.
DTE0011 - Decoy Content Seed content that can be used to lead an adversary in a specific direction, entice a behavior, etc.
DTE0012 - Decoy Credentials Create user credentials that are used for active defense purposes.
DTE0013 - Decoy Diversity Deploy a set of decoy systems with different OS and software configurations.
DTE0014 - Decoy Network Create a target network with a set of target systems, for the purpose of active defense.
DTE0015 - Decoy Persona Develop personal information (aka a backstory) about a user and plant data to support that backstory.
DTE0017 - Decoy System Configure a computing system to serve as an attack target or experimental environment.
DTE0018 - Detonate Malware Execute malware under controlled conditions to analyze its functionality.
DTE0023 - Migrate Attack Vector Move a malicious link, file, or device from its intended location to a decoy system or network for execution/use.
DTE0025 - Network Diversity Use a diverse set of devices on the network to help establish the legitimacy of a decoy network.
DTE0026 - Network Manipulation Make changes to network properties and functions to achieve a desired effect.
DTE0029 - Peripheral Management Manage peripheral devices used on systems within the network for active defense purposes.
DTE0030 - Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
DTE0032 - Security Controls Alter security controls to make the system more or less vulnerable to attack.
DTE0036 - Software Manipulation Make changes to a system's software properties and functions to achieve a desired effect.