Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: While possible to detect given a significant sample size, depending on how the unique identifier is used detection may be difficult as similar patterns may be employed elsewhere (e.g., content hosting providers, account reset URLs).

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: An adversary can easily generate pseudo-random identifiers to associate with a specific target, include the indicator as part of a URL and then identify which target was successful.

References

Joe Stewart and Don Jackson, Dell SecureWorks Counter Threat Unit(TM) Threat Intelligence. (2013, July 31). Secrets of the Comfoo Masters. Retrieved March 6, 2017.