Decoy File
Definition
A file created for the purposes of deceiving an adversary.
How it works
The decoy file is made available as a local or network resource. Accesses to the file may be monitored. The files may be configurations, documents, executables, or other file types.
Considerations
Properties of the file, such as cryptographic checksums, file creation date, file modified date, file size, and file owner, may be modified to improve the credibility of the file.
Example
- A CSV file with decoy user credentials is placed on a system. The system or network is then monitored to detect any accesses to the decoy file.
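The example above, sketched as added code (not part of the D3FEND entry or of any referenced patent): it plants a decoy credential CSV, copies timestamps from a neighbouring file for credibility, and later checks the file against a recorded baseline. The file name, column names, `corp.example` hosts and function names are hypothetical; it assumes the monitor runs as the file's owner and that the filesystem records access times.

```python
import csv, hashlib, os, secrets, tempfile
from pathlib import Path

def plant_decoy(directory, name="service_accounts.csv", rows=25):
    """Write a decoy credential CSV; return the baseline used to monitor it."""
    decoy = Path(directory) / name
    with decoy.open("w", newline="") as fh:
        out = csv.writer(fh)
        out.writerow(["username", "password", "host"])
        for i in range(rows):
            # Constructed, non-functional values, random per deployment.
            out.writerow([f"svc_app{i:02d}", secrets.token_urlsafe(12),
                          f"app{i:02d}.corp.example"])
    digest = hashlib.sha256(decoy.read_bytes()).hexdigest()
    # Credibility: take timestamps from the oldest neighbouring file so the
    # decoy is not the newest item in the directory listing.
    siblings = [p for p in decoy.parent.iterdir() if p.is_file() and p != decoy]
    if siblings:
        ref = min((p.stat() for p in siblings), key=lambda s: s.st_mtime_ns)
        os.utime(decoy, ns=(ref.st_atime_ns, ref.st_mtime_ns))
    st = decoy.stat()  # taken last, after our own read and the timestamp change
    return {"path": str(decoy), "sha256": digest, "size": st.st_size,
            "mtime_ns": st.st_mtime_ns, "atime_ns": st.st_atime_ns}

def check_decoy(baseline):
    """Return findings; any finding is an alert, as nothing legitimate uses the file."""
    path = Path(baseline["path"])
    if not path.exists():
        return ["deleted or renamed"]
    st = path.stat()  # stat before hashing: our own read may move atime
    findings = []
    if st.st_atime_ns > baseline["atime_ns"]:
        findings.append("read (atime advanced)")  # unreliable on noatime mounts
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    if (digest, st.st_size, st.st_mtime_ns) != (
            baseline["sha256"], baseline["size"], baseline["mtime_ns"]):
        findings.append("content modified")
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))  # undo our own read
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        neighbour = Path(tmp) / "inventory.csv"      # constructed sibling file
        neighbour.write_text("host,owner\n")
        os.utime(neighbour, (1_600_000_000, 1_600_000_000))
        base = plant_decoy(tmp)
        print("untouched:", check_decoy(base))
        Path(base["path"]).write_text("encrypted")   # simulated tampering
        print("tampered:", check_decoy(base))
```

Polling a baseline only shows that something touched the file; identifying the process or user that did so requires the operating system's file-access auditing.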
References
The following references were used to develop the Decoy File knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Open source intelligence deceptions
MITRE Comments
Seems to focus on configuration-oriented files to put in decoy hostnames, etc., to publish on internet sites, then monitor the decoy "objects".
Reference Type: Patent
Organization: Illusive Networks Ltd
Author: Hadar Yudovich; Nimrod Lavi; Sharon Bittan; Tom Kahana; Tom Sela
Supply chain cyber-deception
Reference Type: Patent
Organization: Cymmetria, Inc.
Author: Gadi EVRON; Dean SYSMAN; Imri Goldberg; Shmuel Ur
System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints
Reference Type: Patent
Organization: Fidelis Cybersecurity Solutions Inc
Author: Doron Kolton; Rami Mizrahi; Omer Zohar; Benny Ben-Rabi; Alex Barbalat; Shlomi Gabai
System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system
Reference Type: Patent
Organization: Palo Alto Networks Inc
Author: Gil BARAK
D3FEND™
A knowledge graph of cybersecurity countermeasures