Test malware in various execution environments

Malware may perform differently on different platforms (computer vs handheld) and different operating systems (Ubuntu vs OS X), and versions (Windows 7 vs 10) so malicious actors will test their malware in the environment(s) where they most expect it to be executed. [1]

ID: T1357
Sub-techniques:  No sub-techniques
Tactic: Test Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary controls the test and defender likely has no visibility.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Adversary can simulate most environments (e.g., variable operating systems, patch levels, application versions) with details available from other techniques.


  1. Morton Christiansen. (2010, May 7). Bypassing Malware Defenses. Retrieved March 9, 2017.