MITRE ATT&CK / T1560
T1560
Archive Collected Data
Collection
Description
An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network.(Citation: DOJ GRU Indictment Jul 2018) Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.Both compression and encryption are done prior to exfiltration, and can be performed using a utility, 3rd party library, or custom method.
Platforms
LinuxmacOSWindows
Mitigations
- M1047 — Audit
Look up any technique
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →