Decoy File
Definition
A file created for the purposes of deceiving an adversary.
How it works
The decoy file is made available as a local or network resource. Accesses to the file may be monitored. The files may be configurations, documents, executables, or other file types.
Considerations
Properties of the file, such as cryptographic checksums, file creation date, file modified date, file size, and file owner, may be modified to improve the credibility of the file.
Example
- A CSV file with decoy user credentials is placed on a system. The system or network is then monitored to detect any access to the decoy file.
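One way to realise the CSV example above, as an added illustration that is not part of the original article: plant a backdated decoy credentials file, then flag accesses to it in Linux auditd-style records. The file name, paths, accounts, the decoy_file audit key and the log lines are constructed, and using auditd as the monitoring source is an assumption.

```python
import csv, hashlib, os, re, time

# Constructed decoy rows: these accounts and passwords are fake and used nowhere else.
DECOY_ROWS = [("svc_backup", "Wint3r-Backup!42"), ("adm_jlee", "Qu4rterly#Report")]

def plant_decoy(directory, name="passwords.csv", age_days=120):
    """Write the decoy CSV, backdate its timestamps, and return a manifest entry."""
    path = os.path.join(directory, name)
    with open(path, "w", newline="") as fh:
        csv.writer(fh).writerows([("username", "password"), *DECOY_ROWS])
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()  # lets responders recognise copies
    past = time.time() - age_days * 86400
    # Sets atime and mtime only; on Linux ctime still shows when the file was planted.
    os.utime(path, (past, past))
    return {"path": path, "sha256": digest, "mtime": past}

# Constructed auditd-style records: event 456 reads the decoy, event 457 does not.
SAMPLE_AUDIT = [
    'type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=257 success=yes '
    'exit=3 pid=4242 auid=1001 uid=1001 comm="cat" exe="/usr/bin/cat" key="decoy_file"',
    'type=PATH msg=audit(1700000000.123:456): item=0 '
    'name="/srv/share/finance/passwords.csv" inode=131 nametype=NORMAL',
    'type=SYSCALL msg=audit(1700000050.500:457): arch=c000003e syscall=257 success=yes '
    'exit=3 pid=4250 auid=1002 uid=1002 comm="cat" exe="/usr/bin/cat" key=(null)',
    'type=PATH msg=audit(1700000050.500:457): item=0 '
    'name="/srv/share/finance/budget.xlsx" inode=140 nametype=NORMAL',
]

EVENT = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")

def decoy_accesses(audit_lines, decoy_path):
    """Join SYSCALL and PATH records on the audit event id; return who touched the decoy.

    Assumes the PATH record carries the absolute path, as it does for absolute opens.
    """
    syscalls, touched = {}, []
    for line in audit_lines:
        m = EVENT.search(line)
        if not m:
            continue
        if line.startswith("type=SYSCALL"):
            syscalls[m.group(2)] = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
        elif line.startswith("type=PATH") and f'name="{decoy_path}"' in line:
            touched.append((m.group(2), float(m.group(1))))
    return [{"event": ev, "time": ts, "uid": syscalls.get(ev, {}).get("uid"),
             "exe": syscalls.get(ev, {}).get("exe", "").strip('"')} for ev, ts in touched]
```

Because no legitimate process has a reason to open the decoy, every record returned by decoy_accesses is worth triage; the manifest's SHA-256 lets the same content be recognised if it later turns up elsewhere.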
References
The following references were used to develop the Decoy File knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Open source intelligence deceptions
MITRE Comments
Seems to focus on configuration-oriented files to put in decoy hostnames etc. to publish on internet sites, then monitor the decoy "objects".