An adversary may compress or encrypt data that is collected prior to exfiltration using third-party utilities. Many utilities exist that can archive data, including 7-Zip(Citation: 7zip Homepage), WinRAR(Citation: WinRAR Homepage), and WinZip(Citation: WinZip Homepage). Most utilities include functionality to encrypt and/or compress data.
Some third-party utilities may be preinstalled, such as `tar` on Linux and macOS or `zip` on Windows systems.
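Detection logic for this technique, added here as an example (not part of the ATT&CK entry or the mappings): it classifies process command lines for the utilities named above (7-Zip, rar, zip, tar), flags archive creation, and ranks runs that use the utilities' password/encryption options higher, which is the kind of check the SI-4 System Monitoring mapping calls for. The log line format, hosts, users and events are constructed for the demonstration.

```python
import re
# Per-utility rule: (command words that create or update an archive, regex for the
# option that turns on encryption).  Flags are the documented ones for 7-Zip
# (-p, -mhe), rar (-p, -hp) and Info-ZIP zip (-e, -P); tar has no encryption.
RULES = {
    "7z":  (("a", "u"),      r"^-(p|mhe)"),
    "rar": (("a", "m", "u"), r"^-(hp|p)"),
    "zip": (None,            r"^-[a-zA-Z]*[eP]|^--(encrypt|password)"),
    "tar": (("c",),          None),
}
CIPHER_PIPE = re.compile(r"\|\s*(openssl\s+enc|gpg)\b")   # tar output piped into a cipher
LOG_LINE = re.compile(r"^\S+ host=(?P<host>\S+) user=(?P<user>\S+) cmdline=(?P<cmd>.*)$")
TOKEN = re.compile(r'"[^"]*"|\S+')   # split on whitespace but keep quoted Windows paths whole

def classify_archive_command(cmdline):
    """Return {'utility','creates_archive','encrypted'} or None for non-archivers."""
    argv = TOKEN.findall(cmdline)
    if not argv: return None
    exe = re.sub(r"\.exe$", "", argv[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower())
    if exe not in RULES: return None
    verbs, enc_pat = RULES[exe]
    first = argv[1] if len(argv) > 1 else ""
    if verbs is None:            # zip has no command word; it always writes an archive
        creates = True
    elif exe == "tar":           # accepts -czf, czf or --create
        creates = first == "--create" or (not first.startswith("--") and "c" in first.lstrip("-"))
    else:
        creates = first.lower() in verbs
    encrypted = bool(enc_pat and any(re.match(enc_pat, a) for a in argv[1:])) or bool(CIPHER_PIPE.search(cmdline))
    return {"utility": exe, "creates_archive": creates, "encrypted": encrypted}

def scan_process_events(lines):
    # One alert per archive-creation event; encrypted archives are ranked high
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        hit = classify_archive_command(m["cmd"]) if m else None
        if hit and hit["creates_archive"]:
            alerts.append({"host": m["host"], "user": m["user"], "utility": hit["utility"],
                           "severity": "high" if hit["encrypted"] else "medium"})
    return alerts

# Constructed process-creation events for the demonstration (not real telemetry)
SAMPLE_EVENTS = [
    '2024-05-01T10:00:01Z host=ws01 user=alice cmdline="C:\\Program Files\\7-Zip\\7z.exe" a -pPASSWORD -mhe=on C:\\Users\\alice\\out.7z C:\\Users\\alice\\Documents',
    '2024-05-01T10:02:11Z host=ws02 user=bob cmdline=rar.exe a -hpPASSWORD D:\\staging\\docs.rar D:\\finance',
    '2024-05-01T10:03:40Z host=srv01 user=svc cmdline=tar -czf /tmp/backup.tgz /var/www',
    '2024-05-01T10:04:05Z host=srv02 user=root cmdline=tar -cf - /home | openssl enc -aes-256-cbc -pass pass:x > /tmp/h.enc',
    '2024-05-01T10:06:00Z host=ws04 user=dave cmdline=zip -er staged.zip C:\\Users\\dave\\Desktop',
]
```

Running `scan_process_events(SAMPLE_EVENTS)` yields five alerts; the plain `tar -czf` backup is the only one ranked medium, since tar on its own cannot encrypt.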
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
CA-8 | Penetration Testing | Protects | T1560.001 | Archive via Utility |
RA-5 | Vulnerability Monitoring and Scanning | Protects | T1560.001 | Archive via Utility |
SC-7 | Boundary Protection | Protects | T1560.001 | Archive via Utility |
SI-3 | Malicious Code Protection | Protects | T1560.001 | Archive via Utility |
SI-4 | System Monitoring | Protects | T1560.001 | Archive via Utility |
action.malware.variety.Export data | Export data to another site or system | related-to | T1560.001 | Archive Collected Data: Archive via Utility |