| ID | Name |
|---|---|
| ATAGS-T1167.001 | Archive via Utility |
| ATAGS-T1167.002 | Archive via Library |
| ATAGS-T1167.003 | Archive via Custom Method |

Threat Actors may compress or encrypt collected data prior to exfiltration using third-party libraries. Many libraries exist that can archive data, including Python rarfile, libzip, and zlib. Most libraries include functionality to encrypt and/or compress data.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
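Since prevention is impractical, defenders usually look at what these libraries leave behind. The following is an added example, not part of the original entry: it labels file content by RAR/ZIP signature, by the zlib (RFC 1950) stream header, and by byte entropy for containers with no known signature. The function names, sample inputs, and the 7.5 bits-per-byte threshold are assumptions.

```python
import math
import zlib

# Leading bytes of the container formats the libraries named above emit.
MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_like_zlib(data: bytes) -> bool:
    """RFC 1950 header check, confirmed by a trial inflate of the first 4 KiB."""
    if len(data) < 2:
        return False
    cmf, flg = data[0], data[1]
    if (cmf & 0x0F) != 8 or (cmf >> 4) > 7 or ((cmf << 8) | flg) % 31:
        return False
    try:
        zlib.decompressobj().decompress(data[:4096])  # truncated input is fine
        return True
    except zlib.error:
        return False  # header bytes matched by chance, e.g. text starting "x "

def classify(data: bytes, entropy_threshold: float = 7.5) -> str:
    """Label a staged file's content; threshold is an assumed starting value."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            # ZIP local header: bit 0 of the flags at offset 6 marks encryption.
            if name == "zip" and len(data) >= 8 and data[6] & 0x01:
                return "zip-encrypted"
            return name
    if looks_like_zlib(data):
        return "zlib"
    if len(data) >= 256 and shannon_entropy(data) >= entropy_threshold:
        return "high-entropy"  # possibly a custom or encrypted container
    return "unclassified"

# Constructed sample inputs, not taken from any real incident.
SAMPLES = {
    "zlib stream": zlib.compress(b"customer_id,email\n" * 200),
    "plain text": b"quarterly report draft\n" * 50,
}
if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label}: {classify(blob)}")
```

A label alone is not an alert: archives are common in normal use, so the result is most useful when correlated with the writing process and the file's location.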