Test malware in various execution environments
Malware may perform differently on different platforms (computer vs handheld) and different operating systems (Ubuntu vs OS X), and versions (Windows 7 vs 10) so malicious actors will test their malware in the environment(s) where they most expect it to be executed. 
DetectionDetectable by Common Defenses (Yes/No/Partial): No
Explanation: Adversary controls the test and defender likely has no visibility.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): Yes
Explanation: Adversary can simulate most environments (e.g., variable operating systems, patch levels, application versions) with details available from other techniques.
- Morton Christiansen. (2010, May 7). Bypassing Malware Defenses. Retrieved March 9, 2017.