Details

    • Type: Task
    • Status: To Do
    • Priority: Medium
    • Resolution: Unresolved
    • Labels:
      None
    • datasources:
      Process command-line parameters, Process monitoring, File monitoring, Binary file metadata
    • id:
      T1002
    • tactic:
      exfiltration
    • maturity:
      Not Tracked

      Description

      An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount of data sent over the network. The compression is done separately from the exfiltration channel and is performed using a custom program or algorithm, or a more common compression library or utility such as 7zip, RAR, ZIP, or zlib.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Mauricio V.
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: