Test malware to evade detection

An adversary can run their code on systems that have cyber security protections in place, such as antivirus products, to see whether the code is detected. They can also test their malware on freely available public services. [1]

ID: T1359
Sub-techniques: No sub-techniques
Tactic: Test Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: The adversary controls the testing and, with proper OPSEC during testing, can ensure that data does not leak.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: The adversary can procure products and keep them from reporting back to vendors, or can choose to use freely available services.


  1. Damballa Day Before Zero Blog. (2009, December 17). Malware QA and Exploit Testing Services – Virtest.com. Retrieved March 9, 2017.