TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Test malware in various execution environments
Test malware in various execution environments
Malware may perform differently on different platforms (computer vs handheld) and different operating systems (Ubuntu vs OS X), and versions (Windows 7 vs 10) so malicious actors will test their malware in the environment(s) where they most expect it to be executed. [1]
ID: T1357
Tactic:
Test Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Adversary controls the test and defender likely has no visibility.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Adversary can simulate most environments (e.g., variable operating systems, patch levels, application versions) with details available from other techniques.
References
- Morton Christiansen. (2010, May 7). Bypassing Malware Defenses. Retrieved March 9, 2017.
×