Test malware in various execution environments

Malware may perform differently on different platforms (computer vs handheld) and different operating systems (Ubuntu vs OS X), and versions (Windows 7 vs 10) so malicious actors will test their malware in the environment(s) where they most expect it to be executed. [1]

ID: T1357

Tactic: Test Capabilities

Version: 1.0


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary controls the test and defender likely has no visibility.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Adversary can simulate most environments (e.g., variable operating systems, patch levels, application versions) with details available from other techniques.


  1. Morton Christiansen. (2010, May 7). Bypassing Malware Defenses. Retrieved March 9, 2017.