JUST RELEASED: ATT&CK for Industrial Control Systems
TECHNIQUES
PRE-ATT&CK
Priority Definition Planning
Priority Definition Direction
Target Selection
Technical Information Gathering
People Information Gathering
Organizational Information Gathering
Technical Weakness Identification
People Weakness Identification
Organizational Weakness Identification
Adversary OPSEC
Establish & Maintain Infrastructure
Persona Development
Build Capabilities
Test Capabilities
Stage Capabilities
Enterprise
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Mobile
Initial Access
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Impact
Collection
Exfiltration
Command and Control
Network Effects
Remote Service Effects
  1. Home
  2. Techniques
  3. PRE-ATT&CK
  4. Test signature detection for file upload/email filters

Test signature detection for file upload/email filters

An adversary can test their planned method of attack against existing security products such as email filters or intrusion detection sensors (IDS). [1]

ID: T1361
Tactic: Test Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Use of sites like [https://www.virustotal.com VirusTotal] to test signature detection often occurs to test detection. Defender can also look for newly added uploads as a precursor to an adversary's launch of an attack.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Current open source technologies and websites exist to facilitate adversary testing of malware against signatures.

References

  1. Kim Zetter. (14, September 2). A Google Site Meant to Protect You Is Helping Hackers Attack You. Retrieved March 9, 2017.