Test signature detection for file upload/email filters

An adversary can test their planned method of attack against existing security products such as email filters or intrusion detection sensors (IDS). [1]

ID: T1361
Sub-techniques: No sub-techniques
Tactic: Test Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Adversaries often use sites like VirusTotal (https://www.virustotal.com) to test signature detection. Defenders can also look for newly added uploads as a precursor to an adversary's launch of an attack.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Open-source technologies and websites currently exist that facilitate adversary testing of malware against signatures.


  1. Kim Zetter. (2014, September 2). A Google Site Meant to Protect You Is Helping Hackers Attack You. Retrieved March 9, 2017.