216.73.217.80

T1560.003: Archive via Custom Method

View on MITRE ATT&CK The MITRE Corporation · Published 20/02/2020 22:09 · Modified 27/03/2026 01:08

Essential information

MITRE technique ID
T1560.003
Confidence
100/100
Revoked
No
Published
20/02/2020 22:09
Modified
27/03/2026 01:08
Author / Source
The MITRE Corporation

Platforms

windows macos linux

Description

An adversary may compress or encrypt data that is collected prior to exfiltration using a custom method. Adversaries may choose to use custom archival methods, such as encryption with XOR or stream ciphers implemented with no external library or utility references. Custom implementations of well-known compression algorithms have also been used.(Citation: ESET Sednit Part 2)

Kill chain phases

Kill chainPhase
mitre-attack collection

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references