T1560 Archive Collected Data Mappings

An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.

Both compression and encryption are done prior to exfiltration, and can be performed using a utility, 3rd party library, or custom method.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CA-8 Penetration Testing Protects T1560 Archive Collected Data
RA-5 Vulnerability Monitoring and Scanning Protects T1560 Archive Collected Data
SC-7 Boundary Protection Protects T1560 Archive Collected Data
SI-3 Malicious Code Protection Protects T1560 Archive Collected Data
SI-4 System Monitoring Protects T1560 Archive Collected Data
azure_sentinel Azure Sentinel technique_scores T1560 Archive Collected Data

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1560.001 Archive via Utility 5