The sub-techniques beta is now live! Read the release blog post for more info.

Test callback functionality

Callbacks are malware communications seeking instructions. An adversary will test their malware to ensure the appropriate instructions are conveyed and the callback software can be reached. [1]

ID: T1356
Tactic: Test Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary controls the test and defender likely has no visibility.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Adversary controls or acquires all pieces of infrastructure and can test outside of defender's visibility.


  1. Tony Lee. (2012, December 11). Testing Your Defenses - Beaconing. Retrieved March 9, 2017.