MITRE Shield will be retired on October 18th in favor of MITRE Engage.

Burn-In

Exercise a target system in a manner where it will generate desirable system artifacts.

Burn-in means exercising the system to create desirable system artifacts, for example through web browsing, filesystem usage, and running user applications such as office suites. The burn-in process can be specific to a user or system, depending on your needs.

Details
ID: DTE0008
Tactics: Legitimize, Facilitate

Opportunities

| ID | Description |
|---|---|
| DOS0006 | There is an opportunity to prepare user accounts so they look used and authentic. |
| DOS0093 | There is an opportunity to seed systems with decoy cookies that will lead adversaries to decoy targets. |
| DOS0112 | In an adversary engagement scenario, there is an opportunity to prepare a user's browser data (sessions, cookies, etc.) so it looks authentic and fully populated. |

Use Cases

| ID | Description |
|---|---|
| DUC0006 | A defender can prepare a Decoy System by logging in to the Decoy Account and using it in ways consistent with the deception story, creating artifacts in the system that make it look legitimate. |
| DUC0093 | A defender can authenticate to a collection of decoy sites (as a decoy user) to give the adversary a set of session cookies to harvest and potentially use during adversary engagement. |
| DUC0112 | A defender can perform web browsing tasks on a decoy system over time to give the adversary a robust set of browser data that looks realistic and could potentially be used during adversary engagement. |

Procedures

| ID | Description |
|---|---|
| DPR0016 | Configure a decoy system and allow it to be used in a manner such that it collects activity logs and appears to be a legitimate system. |
| DPR0017 | Configure a system to generate internet browser traffic for a decoy user profile, creating artifacts such as cookies, history, temp files, etc. |

ATT&CK® Techniques

| ID | Name | ATT&CK Tactics |
|---|---|---|
| T1078 | Valid Accounts | Defense Evasion, Persistence, Privilege Escalation, Initial Access |
| T1185 | Man in the Browser | Collection |
| T1539 | Steal Web Session Cookie | Credential Access |