We're updating the issue view to help you get more done. 

Data Compressed

Description

An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount of data sent over the network. The compression is done separately from the exfiltration channel and is performed using a custom program or algorithm, or a more common compression library or utility such as 7zip, RAR, ZIP, or zlib.

id

T1002

tactic

exfiltration

datasources

Process command-line parameters
Process monitoring
File monitoring
Binary file metadata

maturity

Not Tracked

Assignee

Unassigned
Configure