Honeyfiles with Deceptive Content

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0005 Lures, EAC0011 Pocket Litter

Name of Element: Honeyfiles with Deceptive Content

Description of Element:

Goal: Identify attackers attempting to exfiltrate data and gather information about their targets.

Approach: Creating and monitoring honeyfiles with enticing but fake data.

Plant “honeyfiles” – files with seemingly sensitive information – in locations where attackers are likely to search for valuable data. These files can contain fabricated data, embed tracking mechanisms, or trigger alerts upon access.

Technical Context:

These honeyfiles can mimic real documents, spreadsheets, or databases, but contain misleading or harmless data. Monitor access attempts and analyze attacker behavior to understand their objectives. This aligns with the MITRE ATT&CK technique T1005 (Data from Local System).
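One way to monitor access attempts on Linux, shown as an added example that is not part of the original page: it correlates auditd SYSCALL and PATH records for watched decoy files and ignores an allow-listed process. The decoy paths, audit key, allow-list and log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical decoy paths and audit key; match them to your own watch
# rule, such as `auditctl -w <path> -p r -k honeyfile`.
HONEYFILES = {"/srv/share/finance/payroll_2024.xlsx", "/home/svc_backup/passwords.txt"}
AUDIT_KEY = "honeyfile"
ALLOWED_EXES = {"/usr/bin/rsync"}  # assumed backup job that legitimately reads decoys

# Constructed sample records in auditd log format (absolute names assumed).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 pid=4242 auid=1001 uid=1001 comm="cat" exe="/usr/bin/cat" key="honeyfile"
type=PATH msg=audit(1700000000.101:501): item=0 name="/home/svc_backup/passwords.txt" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.220:502): arch=c000003e syscall=257 success=yes exit=3 pid=900 auid=0 uid=0 comm="rsync" exe="/usr/bin/rsync" key="honeyfile"
type=PATH msg=audit(1700000050.220:502): item=0 name="/srv/share/finance/payroll_2024.xlsx" inode=77 nametype=NORMAL
type=SYSCALL msg=audit(1700000090.007:503): arch=c000003e syscall=257 success=yes exit=4 pid=4250 auid=1001 uid=1001 comm="zip" exe="/usr/bin/zip" key="honeyfile"
type=PATH msg=audit(1700000090.007:503): item=0 name="/srv/share/finance/payroll_2024.xlsx" inode=77 nametype=NORMAL
"""

EVENT_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def honeyfile_alerts(log_text):
    """Group records by audit event id and return one alert per decoy access."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        ev = events[m.group(2)]
        ev["ts"] = float(m.group(1))
        if fields.get("type") == "SYSCALL":   # who: process and login identity
            ev.update({k: fields.get(k) for k in ("key", "exe", "auid", "pid")})
        elif fields.get("type") == "PATH":    # what: the file that was opened
            ev.setdefault("paths", []).append(fields.get("name"))
    alerts = []
    for ev_id, ev in sorted(events.items(), key=lambda kv: kv[1]["ts"]):
        hits = HONEYFILES.intersection(ev.get("paths", []))
        if ev.get("key") == AUDIT_KEY and hits and ev.get("exe") not in ALLOWED_EXES:
            alerts.append({"event": ev_id, "time": ev["ts"], "file": sorted(hits)[0],
                           "exe": ev["exe"], "auid": ev["auid"], "pid": ev["pid"]})
    return alerts

if __name__ == "__main__":
    for alert in honeyfile_alerts(SAMPLE_LOG):
        print(alert)
```

Keeping the allow-list small matters: every process excluded here is one whose reads of a decoy will never raise an alert.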

Other:

Vary the types of honeyfiles and their content to attract different types of attackers.
