
T1560: Archive Collected Data

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender. Both compression and encryption are done prior to exfiltration, and can be performed using a utility, third-party library, or custom method.
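For defenders, staged archives can be spotted by their leading file signature, and data packed or encrypted with a custom method by its near-random byte distribution. The following is an added example, not code from MITRE or SQUR; the function names, the 7.5 bits/byte threshold, the minimum sample size and the sample data are assumptions constructed for illustration.

```python
import gzip
import io
import math
import random
import zipfile
from collections import Counter

# Leading magic bytes of common archive and compression formats.
SIGNATURES = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"BZh": "bzip2",
    b"\xfd7zXZ\x00": "xz",
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune on your own data
MIN_SAMPLE = 1024        # assumed; entropy of very short buffers is not meaningful

def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def classify(data):
    """Label a buffer as a known archive, high-entropy unknown, or plain."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return f"archive:{name}"
    if len(data) >= MIN_SAMPLE and shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "high-entropy:unknown"  # possible custom compression/encryption
    return "plain"

def build_samples():
    """Constructed sample inputs; no real collected data is involved."""
    text = b"quarterly report line\n" * 200
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", text)
    rng = random.Random(0)  # fixed seed so the stand-in "ciphertext" is repeatable
    blob = bytes(rng.getrandbits(8) for _ in range(4096))
    return {"report.txt": text, "report.txt.gz": gzip.compress(text),
            "staged.zip": zbuf.getvalue(), "blob.bin": blob}

if __name__ == "__main__":
    for name, data in build_samples().items():
        print(f"{name:15} {shannon_entropy(data):5.2f} bits/byte  {classify(data)}")
```

Legitimate media and already-compressed files also score high on entropy, so the second label is a triage signal to correlate with process and file-path context rather than a verdict.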

ATT&CK tactics · 1

Collection

References

  1. https://attack.mitre.org/techniques/T1560
  2. https://en.wikipedia.org/wiki/List_of_file_signatures
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.