Evade Analysis Environment (T1523)


Technique & Subtechniques

  • Evade Analysis Environment

Associated Tactics

  • Defense Evasion
  • Discovery

Defense Evasion (TA0030)

The adversary is trying to avoid being detected. Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. Defense evasion may be considered a set of attributes the adversary applies to all other phases of the operation.

Procedure Examples

Description Source(s)
Chen Yu et al. (2017, April 13). Android malware anti-emulation techniques. Retrieved October 2, 2019. Sophos Anti-emulation
Claud Xiao. (2016, February 21). Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. Retrieved December 12, 2016. Xiao-ZergHelper
Jeff Stone. (2019, January 18). Sneaky motion-detection feature found on Android malware. Retrieved October 2, 2019. Cyberscoop Evade Analysis January 2019
ThreatFabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved September 18, 2019. ThreatFabric Cerberus
Tim Strazzere. (n.d.). Android Anti-Emulator. Retrieved October 2, 2019. Github Anti-emulator
Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia. Retrieved September 3, 2019. Talos Gustuff Apr 2019