Test signature detection
An adversary can test the detections of malicious emails or files by using publicly available services, such as virus total, to see if their files or emails cause an alert. They can also use similar services that are not openly available and don't publicly publish results or they can test on their own internal infrastructure. 
Detectable by Common Defenses (Yes/No/Partial): Partial
Explanation: If using a common service like [https://www.virustotal.com VirusTotal], it is possible to detect. If the adversary uses a hostile, less well-known service, the defender would not be aware.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Easy to automate upload/email of a wide range of data packages.
- Kim Zetter. (14, September 2). A Google Site Meant to Protect You Is Helping Hackers Attack You. Retrieved March 9, 2017.