Fake System Logs

Engage Goals: EGO0003 Elicit

Engage Approach: EAP0001 Collect

Engage Actions: EAC0011 Pocket Litter, EAC0015 Information Manipulation

Name of Element: Fake System Logs

Description of Element:

Goal: Gather information about attacker activity by planting fake system logs.

Approach: Create and place misleading system logs to attract attacker attention.

Create fake system logs that indicate suspicious activity, failed login attempts, or successful privilege escalations. Place these logs in locations where attackers are likely to search for evidence of compromise.

Technical Context:

This element requires knowledge of system logging mechanisms and the ability to create realistic log entries. This aligns with the MITRE ATT&CK technique T1564.001 (Hide Artifacts: Hidden Files and Directories).

Other:

Combine this with deceptive timestamps or user accounts to make the fake logs appear more credible.
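
One way to put this element to work, as an added example that is not part of the original entry: generate decoy sshd entries that name honey accounts, then scan the genuine authentication log for any use of those accounts. The account names, hostname, addresses and sample log lines are constructed assumptions.

```python
import random
import re
from datetime import datetime, timedelta

# Constructed honey accounts: they appear only in the decoy log, so a real
# authentication attempt naming one means someone read the decoy and acted on it.
HONEY_USERS = ("svc_backup_adm", "dbmigrate")
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \w+ for (?:invalid user )?(\S+) from (\S+) port")

def build_decoy_auth_log(end, hours=6, count=20, host="app01", seed=7):
    """Return `count` decoy sshd lines (syslog format), oldest first, ending before `end`."""
    rng = random.Random(seed)  # fixed seed: the decoy can be regenerated and compared
    slot = timedelta(hours=hours) / count
    start = end - timedelta(hours=hours)
    lines = []
    for i in range(count):
        # One event per time slot with random jitter: ordered, but not evenly spaced.
        jitter = rng.randrange(max(1, int(slot.total_seconds())))
        t = start + slot * i + timedelta(seconds=jitter)
        user = rng.choice(HONEY_USERS)
        ip = f"10.20.{rng.randint(0, 254)}.{rng.randint(1, 254)}"  # constructed RFC 1918 source
        verb = "Accepted" if i % 7 == 6 else "Failed"  # failures, then an occasional success
        lines.append(
            f"{t:%b} {t.day:2d} {t:%H:%M:%S} {host} sshd[{rng.randint(1000, 30000)}]: "
            f"{verb} password for {user} from {ip} port {rng.randint(1024, 65535)} ssh2")
    return lines

def honey_hits(real_lines, honey_users=HONEY_USERS):
    """Return (user, source_ip, outcome) for real auth events that name a honey account."""
    hits = []
    for line in real_lines:
        m = AUTH_RE.search(line)
        if m and m.group(2) in honey_users:
            hits.append((m.group(2), m.group(3), m.group(1)))
    return hits

# Constructed lines standing in for the host's genuine authentication log.
SAMPLE_REAL = [
    "Mar  4 02:11:09 app01 sshd[4121]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    "Mar  4 02:14:37 app01 sshd[4188]: Failed password for invalid user svc_backup_adm from 203.0.113.9 port 51234 ssh2",
]

if __name__ == "__main__":
    for line in build_decoy_auth_log(datetime(2024, 3, 4, 3, 0, 0))[:3]:
        print(line)
    print(honey_hits(SAMPLE_REAL))
```

Because the honey accounts never exist on the real system, every hit is high-signal and carries the source address of whoever acted on the decoy.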
