We have a blog! Check out MITRE Shield on Medium.

Decoy Persona

Develop personal information (aka a backstory) about a user and plant data to support that backstory.

A decoy persona is used to establish background information about a user. In order to have the adversary believe they are operating against real targets (people and IT), develop a backstory about a user and plant data to support that backstory. Depending on the need for realism, the constructed persona can be supported by evidence of hobbies, social and professional interactions, consumer transactions, employment, etc.

Details
ID: DTE0015
Tactics:  Channel Facilitate Legitimize Test

Opportunities

IDDescription
DOS0002 There is an opportunity to discover who or what is being targeting by an adversary.

Use Cases

IDDescription
DUC0019 A defender can seed information about the decoy persona's personal accounts on systems to see if the adversary collects and uses that information in future activity.

Procedures

IDDescription
DPR0029 Create a persona that represents an employee with hobbies, outside interests, personal accounts, etc. This persona may be used in conjunction with decoy accounts and credentials.
DPR0030 Create a persona that represents an employee's projects and job scope. This persona information can be leveraged in conjunction with Burn-In and Pocket Litter.

ATT&CK® Techniques

IDNameATT&CK Tactics
T1566 Phishing Initial Access