Execute malware under controlled conditions to analyze its functionality.
Malware can be detonated in a controlled and safe environment. Clear goals and safety procedures should always be established before detonation, so that the operation stays focused and the sample cannot escape or cause unintended harm. The execution environment can range from a relatively sterile commercial malware-execution appliance to a bespoke engagement environment built to support an extended engagement.
Outcomes of a malware detonation operation can include new IOCs collected during dynamic analysis, additional TTPs elicited by detonating the malware in a target-rich environment, and negative impacts to the adversary and their operation. These outcomes can in turn be used to produce new high-fidelity analytics.
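The procedure the two paragraphs above describe (state a goal, bound the run, observe what the sample does, and turn the observations into IOCs and an analytic), as an added Python example that is not MITRE Engage tooling or any vendor appliance. The sample it detonates is a constructed, benign Python script that only mimics a dropper and a beacon; the hostname `update.example-cdn.test`, the dropped paths and the log lines are all constructed for the demo. The timeout and rlimits only bound a cooperative process on a POSIX host: a real detonation belongs in an isolated VM or appliance with its own network controls, never in a scratch directory on an analyst workstation.

```python
import hashlib
import os
import re
import resource
import subprocess
import sys
import tempfile
from dataclasses import dataclass, field

# Constructed, benign stand-in for the malware: drops a file, writes a C2 config
# and prints the beacon it *would* send. No network activity occurs.
FAKE_SAMPLE = r'''
import os
open("svchost_update.dll", "wb").write(b"MZ\x90\x00" + b"A" * 64)
os.makedirs("config", exist_ok=True)
open("config/c2.txt", "w").write("update.example-cdn.test:8443\n")
print("beacon -> https://update.example-cdn.test:8443/gate.php")
'''

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})(?::(\d{2,5}))?", re.I)
NOT_TLDS = {"dll", "exe", "php", "txt", "py", "log"}  # file extensions, not domains

@dataclass
class DetonationPlan:
    goal: str                               # stated purpose; refuse to run without one
    timeout_s: int = 30                     # kill switch for sleeps and hangs
    max_file_bytes: int = 10 * 1024 * 1024  # RLIMIT_FSIZE: cap disk fill

@dataclass
class DetonationResult:
    dropped_files: dict = field(default_factory=dict)  # relative path -> sha256
    network_iocs: set = field(default_factory=set)     # "host" or "host:port"
    timed_out: bool = False

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def _snapshot(root):
    """Hash every file under root so a before/after diff reveals dropped files."""
    out = {}
    for d, _, files in os.walk(root):
        for f in files:
            with open(os.path.join(d, f), "rb") as fh:
                out[os.path.relpath(os.path.join(d, f), root)] = sha256_hex(fh.read())
    return out

def detonate(sample_source, plan):
    """Run the sample in a scratch dir with a timeout and rlimits; collect IOCs.
    This bounds a cooperative process only; real detonation needs an isolated VM."""
    if not plan.goal.strip():
        raise ValueError("refusing to detonate without a stated goal")
    result = DetonationResult()

    def limits():  # runs in the child just before exec; never exceed the hard limit
        for res, cap in ((resource.RLIMIT_CPU, plan.timeout_s), (resource.RLIMIT_FSIZE, plan.max_file_bytes)):
            _, hard = resource.getrlimit(res)
            cap = cap if hard == resource.RLIM_INFINITY else min(cap, hard)
            resource.setrlimit(res, (cap, cap))

    with tempfile.TemporaryDirectory() as workdir:
        sample_path = os.path.join(workdir, "sample.py")
        with open(sample_path, "w") as fh:
            fh.write(sample_source)
        before = _snapshot(workdir)
        env = {"PATH": os.environ.get("PATH", ""), "HOME": workdir}  # no inherited secrets/proxies
        try:
            proc = subprocess.run([sys.executable, sample_path], cwd=workdir, env=env,
                                  capture_output=True, timeout=plan.timeout_s, preexec_fn=limits)
            observed = proc.stdout + proc.stderr
        except subprocess.TimeoutExpired as exc:  # hang or long sleep: keep what we saw
            result.timed_out = True
            observed = (exc.stdout or b"") + (exc.stderr or b"")
        texts = [observed.decode(errors="replace")]
        for path, digest in _snapshot(workdir).items():
            if path != "sample.py" and before.get(path) != digest:
                result.dropped_files[path] = digest
                with open(os.path.join(workdir, path), "rb") as fh:
                    texts.append(fh.read().decode(errors="replace"))
        for text in texts:  # host[:port] tokens in output or dropped files become network IOCs
            for host, port in HOST_RE.findall(text):
                if host.rsplit(".", 1)[-1].lower() not in NOT_TLDS:
                    result.network_iocs.add(f"{host.lower()}:{port}" if port else host.lower())
    return result

def match_logs(result, log_lines):
    """Analytic derived from the outcome: flag lines naming an IOC host or a dropped-file hash."""
    needles = {h.split(":")[0] for h in result.network_iocs} | set(result.dropped_files.values())
    return [line for line in log_lines if any(n in line for n in needles)]

# Constructed log lines for the demo, not real telemetry.
SAMPLE_LOGS = [
    "proxy CONNECT update.example-cdn.test:8443 from 10.0.0.7",
    "dns query updates.microsoft.com from 10.0.0.7",
    "edr file_create svchost_update.dll sha256=" + sha256_hex(b"MZ\x90\x00" + b"A" * 64),
]

if __name__ == "__main__":
    r = detonate(FAKE_SAMPLE, DetonationPlan(goal="collect dropped-file and C2 IOCs"))
    print(sorted(r.dropped_files), sorted(r.network_iocs), match_logs(r, SAMPLE_LOGS))
```

Running it prints the two dropped files with their hashes, the single network IOC recovered from both the beacon output and the dropped config, and the two constructed log lines the derived analytic flags. A blank goal is refused before anything executes, and a sample that sleeps past the timeout comes back with `timed_out` set rather than hanging the operation. The `NOT_TLDS` filter exists because a naive host regex will happily report `gate.php` or `svchost_update.dll` as domains; screen extracted IOCs for that kind of noise before they feed a detection pipeline.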
| ATT&CK® Tactics | Adversary Vulnerability Presented |
| --- | --- |
| Command and Control, Defense Evasion, Execution, Impact | When the adversary's malware is detonated, they may be encouraged to operate in an unintended environment. |
| Defense Evasion, Execution | When the adversary's malware is detonated, they are vulnerable to dynamic analysis, including revealing how the malware interacts with system resources. |
| Command and Control | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. |