[arafsheikh]

That makes sense. So given that the attacker is technically sophisticated in this case, what are the tangible benefits of publishing the fingerprints?

I guess one benefit might be to push the development of new detection techniques to detect the underlying implementation of these tools.

[judge2020]

The biggest advantage is that it would allow orgs to audit all applications that have been fingerprinted within their org and see if they might have been attacked as well.

[Kalium]

Some of the fingerprints are easily gotten around by fudging the binaries a bit. Others, like snort rules, look at things like network traffic that might not always be so easily disguised.