T1560.003: Archive via Custom Method
Essential information
- MITRE technique ID: T1560.003
- Confidence: 100/100
- Revoked: No
- Published: 20/02/2020 22:09
- Modified: 27/03/2026 01:08
- Author / Source: The MITRE Corporation
Platforms
windows macos linux
Description
An adversary may compress or encrypt collected data prior to exfiltration using a custom method. Adversaries may choose to use custom archival methods, such as encryption with XOR or stream ciphers implemented with no external library or utility references. Custom implementations of well-known compression algorithms have also been used. (Citation: ESET Sednit Part 2)
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.