Artifact Diversity

Present the adversary with a variety of network and system artifacts.

Artifact Diversity means presenting multiple network and system artifacts to the adversary including accounts, files/directories, credentials, logs, web browsing history, browser cookies, etc. These artifacts can be legitimate artifacts created as the result of natural usage over time or manually added to the environment by the defender. Artifact Diversity can be used to encourage the adversary to engage by offering a broad attack surface or can increase the adversary's overall comfort level by adding to the believability of the environment.

Additionally, these artifacts can be decoy artifacts intended to elicit a specific response from the adversary. In any case, by monitoring adversary activity in a diverse environment, the defender can gain information on the adversary's capabilities and targeting preferences. For example, a defender can include a diverse set of accounts and credentials and then monitor to determine which accounts the adversary targets in the future.
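
The account-and-credential monitoring described above can be shown as an added example (it is not part of MITRE Engage): the Python code below tallies, per source, which categories of decoy artifact were touched and which decoys drew no interest. The decoy names, the JSON-lines event schema, and the source addresses are all constructed assumptions.

```python
import json
from collections import Counter, defaultdict

# Hypothetical decoy inventory (constructed): artifact name -> category.
DECOYS = {
    "svc_backup": "service account",
    "adm_jlee": "admin account",
    "hr_temp01": "standard user account",
    r"C:\IT\vpn_creds.txt": "credential file",
    r"C:\Finance\payroll_2023.xlsx": "business document",
}

# Constructed sample events in an assumed JSON-lines schema (not real telemetry).
SAMPLE_EVENTS = r"""
{"src": "10.0.5.23", "action": "logon_failed", "target": "adm_jlee"}
{"src": "10.0.5.23", "action": "logon_failed", "target": "ADM_JLEE"}
{"src": "10.0.5.23", "action": "file_read", "target": "C:\\IT\\vpn_creds.txt"}
{"src": "10.0.5.23", "action": "logon_success", "target": "jsmith"}
truncated-record
{"src": "10.0.7.88", "action": "logon_failed", "target": "svc_backup"}
{"src": "10.0.7.88", "action": "file_read", "target": "c:\\finance\\payroll_2023.xlsx"}
"""


def summarize_decoy_activity(raw_events, decoys=DECOYS):
    """Return ({source: Counter(category)}, [decoys nobody touched])."""
    # Windows account names and paths are case-insensitive, so match lowercased.
    index = {name.lower(): category for name, category in decoys.items()}
    per_source = defaultdict(Counter)
    touched = set()
    for line in raw_events.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed record: skip it, keep processing
        if not isinstance(event, dict):
            continue
        target = str(event.get("target", "")).lower()
        if target not in index:
            continue  # activity on non-decoy resources is out of scope here
        per_source[event.get("src", "unknown")][index[target]] += 1
        touched.add(target)
    untouched = sorted(n for n in decoys if n.lower() not in touched)
    return dict(per_source), untouched


if __name__ == "__main__":
    preferences, untouched = summarize_decoy_activity(SAMPLE_EVENTS)
    for source, categories in preferences.items():
        print(source, dict(categories))
    print("untouched decoys:", untouched)
```

Decoys that stay untouched are also informative: they show which artifact categories did not attract the adversary in this environment.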

ID: EAC0022
Type: Engagement
Goals: Elicit
Approaches: Reassurance, Motivation

Whenever an adversary interacts with the environment, their actions reveal vulnerabilities. Defenders can utilize engagement activities to take advantage of such weaknesses.

The following table lists the adversary tactics on the left and the revealed vulnerability on the right that can be exploited by the defender using Artifact Diversity.

| ATT&CK® Tactics | Adversary Vulnerability Presented |
| --- | --- |
| Discovery, Execution, Initial Access, Persistence, Defense Evasion, Impact, Credential Access, Reconnaissance, Collection | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. |