Exercise a target system in a manner where it will generate desirable system artifacts.
Burn-in means exercising the system to create desirable artifacts, for example through web browsing, filesystem usage, and running user applications such as office suites. The burn-in process can be specific to a user or to a system, depending on your needs.

ID | Description |
---|---|
DOS0006 | There is an opportunity to prepare user accounts so they look used and authentic. |
DOS0093 | There is an opportunity to seed systems with decoy cookies that will lead adversaries to decoy targets. |
DOS0112 | In an adversary engagement scenario, there is an opportunity to prepare a user's browser data (sessions, cookies, etc.) so it looks authentic and fully populated. |

ID | Description |
---|---|
DUC0006 | A defender can prepare a Decoy System by logging in to the Decoy Account and using it in ways consistent with the deception story, creating artifacts in the system that make it look legitimate. |
DUC0093 | A defender can authenticate to a collection of decoy sites (as a decoy user) to give the adversary a set of session cookies to harvest and potentially use during adversary engagement. |
DUC0112 | A defender can perform web browsing tasks on a decoy system over time to give the adversary a robust set of browser data that looks realistic and could potentially be used during adversary engagement. |

ID | Description |
---|---|
DPR0016 | Configure a decoy system and allow it to be used in a manner such that it collects activity logs and appears to be a legitimate system. |
DPR0017 | Configure a system to generate internet browser traffic for a decoy user profile, creating artifacts such as cookies, history, temp files, etc. |

ID | Name | ATT&CK Tactics |
---|---|---|
T1078 | Valid Accounts | Defense Evasion, Persistence, Privilege Escalation, Initial Access |
T1185 | Man in the Browser | Collection |
T1539 | Steal Web Session Cookie | Credential Access |
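
A defender carrying out DPR0017 or DUC0112 needs a way to tell when a decoy browser profile has been exercised enough and still holds the decoy session cookies described in DUC0093. The Python check below is an added example, not part of the original page or of the framework it describes; the thresholds, the host names and the tuple layout of the extracted history and cookies are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

def audit_burn_in(visits, cookies, decoy_hosts, now, min_days=14, min_hosts=10):
    """Return findings for a decoy browser profile; an empty list means it passes.

    visits: (datetime, host) pairs from the profile's history.
    cookies: (host, expiry datetime) pairs from its cookie store.
    decoy_hosts: decoy sites the deception story needs live sessions for.
    Thresholds are assumed defaults, not values from the page.
    """
    if not visits:
        return ["no browsing history at all"]
    findings = []
    days = {ts.date() for ts, _ in visits}
    span = (max(days) - min(days)).days + 1
    if span < min_days:
        findings.append(f"history spans {span} days, want at least {min_days}")
    # Burn-in done in a few sittings leaves long gaps inside the span.
    if len(days) < span / 2:
        findings.append(f"only {len(days)} active days in a {span}-day span")
    hosts = {host for _, host in visits}
    if len(hosts) < min_hosts:
        findings.append(f"only {len(hosts)} distinct hosts, want at least {min_hosts}")
    # A profile that stopped being used days ago looks abandoned.
    idle = (now - max(ts for ts, _ in visits)).days
    if idle > 3:
        findings.append(f"last visit was {idle} days ago")
    live = {host for host, expiry in cookies if expiry > now}
    for host in sorted(decoy_hosts):
        if host not in live:
            findings.append(f"no live session cookie for decoy site {host}")
        elif host not in hosts:
            findings.append(f"cookie for {host} but no matching visit in history")
    return findings

# Constructed sample data: hosts, dates and cookie lifetimes are made up.
NOW = datetime(2024, 3, 29, 17, 0)
DECOYS = {"portal.decoy.example", "mail.decoy.example"}
SITES = [f"site{i}.example" for i in range(10)] + sorted(DECOYS)

def constructed_profile(days):
    """Three visits per day for `days` days, plus live cookies for each decoy."""
    visits = [(NOW - timedelta(days=d, hours=h), SITES[(d * 3 + h) % len(SITES)])
              for d in range(days) for h in range(1, 4)]
    return visits, [(host, NOW + timedelta(days=30)) for host in DECOYS]

if __name__ == "__main__":
    for n in (20, 1):
        print(n, "days:", audit_burn_in(*constructed_profile(n), DECOYS, NOW) or "ok")
```

Running the same check on a schedule during the engagement also catches decoy cookies that have expired since burn-in.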