The sub-techniques beta is now live! Read the release blog post for more info.

Test signature detection

An adversary can test the detections of malicious emails or files by using publicly available services, such as virus total, to see if their files or emails cause an alert. They can also use similar services that are not openly available and don't publicly publish results or they can test on their own internal infrastructure. [1]

ID: T1292
Tactic: Technical Weakness Identification
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): Partial

Explanation: If using a common service like [https://www.virustotal.com VirusTotal], it is possible to detect. If the adversary uses a hostile, less well-known service, the defender would not be aware.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Easy to automate upload/email of a wide range of data packages.

References

  1. Kim Zetter. (14, September 2). A Google Site Meant to Protect You Is Helping Hackers Attack You. Retrieved March 9, 2017.