Deceptive User Behavior Patterns

Goal: Disrupt attacker profiling and behavioral analysis by simulating unusual user activity.

Approach: Generating fake user activity to confuse attackers and trigger alerts.

Generate fake user activity, such as logins at odd hours, access to unusual files, or execution of uncommon commands. This can disrupt attacker attempts to profile user behavior and blend in with normal activity.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0003 System Activity Monitoring, EAC0012 Personas

Name of Element: Deceptive User Behavior Patterns

Description of Element:

Goal: Disrupt attacker profiling and behavioral analysis by simulating unusual user activity.

Approach: Generating fake user activity to confuse attackers and trigger alerts.

Generate fake user activity, such as logins at odd hours, access to unusual files, or execution of uncommon commands. This can disrupt attacker attempts to profile user behavior and blend in with normal activity.

Technical Context:

This element requires the ability to simulate user actions and generate corresponding system events. This aligns with the MITRE ATT&CK technique T1564.006 (Hide Artifacts: Timestomp).

Other:

Combine this with deceptive user account creation or modification to further enhance the illusion.

Leave a Reply