Test signature detection for file upload/email filters

An adversary can test their planned method of attack against existing security products such as email filters or intrusion detection sensors (IDS). [1]

ID: T1361

Tactic: Test Capabilities

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Adversaries often use sites like VirusTotal (https://www.virustotal.com) to test signature detection. Defenders can also look for newly added uploads as a precursor to an adversary's launch of an attack.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Current open source technologies and websites exist to facilitate adversary testing of malware against signatures.

References

  1. Kim Zetter. (2014, September 2). A Google Site Meant to Protect You Is Helping Hackers Attack You. Retrieved March 9, 2017.