We welcome your feedback about MITRE Engage v0.9 Beta: Email us at engage@mitre.org

Elicit

Learn about adversaries tactics, techniques, and procedures.

Elicit encourages adversaries to reveal additional or more advanced TTPs and goals while operating in defender-controlled engagement environments. These high-fidelity, synthetic engagement environments are uniquely tailored to engage with specific adversaries. They may contain a combination of documents, browser artifacts, etc. to reassure an adversary and reduce suspicion. Further, they may offer enticing data and exploitable vulnerabilities to motivate an adversary to operate in the defender's environment.

These environments can either be left as a dangle, i.e., honeypot. Other times, the defender may self-infect with malware. In either case, observing an adversary as they operate can provide organizations with actionable cyber threat intelligence and potential understanding of the adversary’s goals.

Engage defines two approaches to make progress towards the Elicit goal.

  • Reassurance focuses on providing an environment that reduces adversary suspicion by meeting expectations and creating an artifact rich environment.
  • Motivation seeks to create a target rich environment that encourages the adversary to engage in new TTPs.

Details
ID: EGO0003
Type:  Engagement 

Approaches

Approach NameDescriptionID
Reassurance Add authenticity to deceptive components to convince an adversary that an environment is real. EAP0006
Motivation Encourage an adversary to conduct part or all of their mission. EAP0007