Test signature detection

An adversary can test whether malicious emails or files are detected by submitting them to publicly available services, such as VirusTotal, to see if they cause an alert. They can also use similar services that are not openly available and don't publicly publish results, or they can test on their own internal infrastructure. [1]

ID: T1292

Tactic: Technical Weakness Identification

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): Partial

Explanation: If the adversary uses a common service like VirusTotal (https://www.virustotal.com), it is possible to detect. If the adversary uses a hostile, less well-known service, the defender would not be aware.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: It is easy to automate the upload or emailing of a wide range of data packages.

References

  1. Kim Zetter. (14, September 2). A Google Site Meant to Protect You Is Helping Hackers Attack You. Retrieved March 9, 2017.