Common Information
Type | Value |
---|---|
Value | Archive Collected Data - T1560 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. (Citation: DOJ GRU Indictment Jul 2018) Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender. Both compression and encryption are done prior to exfiltration, and can be performed using a utility, 3rd party library, or custom method. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2021-01-11 | 91 | xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement | ||
Details | Website | 2020-11-27 | 14 | New MacOS Backdoor Connected to OceanLotus Surfaces | ||
Details | Website | 2020-10-27 | 49 | North Korean Advanced Persistent Threat Focus: Kimsuky | CISA | ||
Details | Website | 2020-10-24 | 31 | Emotet Malware | CISA | ||
Details | Website | 2020-10-22 | 24 | An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques - SentinelLabs | ||
Details | Website | 2020-09-15 | 22 | Iran-Based Threat Actor Exploits VPN Vulnerabilities | CISA | ||
Details | Website | 2020-09-10 | 34 | Who is calling? CDRThief targets Linux VoIP softswitches | WeLiveSecurity |