T1560.003 Archive via Custom Method

Sub-technique of T1560

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

An adversary may compress or encrypt data that is collected prior to exfiltration using a custom method. Adversaries may choose to use custom archival methods, such as encryption with XOR or stream ciphers implemented with no external library or utility references. Custom implementations of well-known compression algorithms have also been used. (Citation: ESET Sednit Part 2)

ATT&CK tactics · 1

Collection

References

  1. https://attack.mitre.org/techniques/T1560/003
  2. http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf

Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.