| ID | Name |
|---|---|
| ATAGS-T1167.001 | Archive via Utility |
| ATAGS-T1167.002 | Archive via Library |
| ATAGS-T1167.003 | Archive via Custom Method |

Threat Actors may compress or encrypt collected data prior to exfiltration using a custom method, such as XOR or stream-cipher encryption implemented with no external library or utility references. Custom implementations of well-known compression algorithms have also been used.

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
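
Since preventive controls are limited, one detection-side triage heuristic is to flag staged data that is high-entropy yet carries no known archive header. This is an added example, not part of the original entry; the threshold, minimum size, function names and sample buffers are assumptions constructed for illustration.

```python
import gzip
import hashlib
import math
from collections import Counter

# Well-known magic bytes of common archive/compression containers.
KNOWN_MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"BZh": "bzip2",
    b"\xfd7zXZ\x00": "xz",
}
ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed tuning value, not from the entry
MIN_SIZE = 4096          # assumed; entropy of tiny samples is unreliable

def shannon_entropy(data: bytes) -> float:
    """Byte-frequency Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(data: bytes) -> str:
    """Classify a buffer: known container, unexplained high entropy, or neither."""
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return f"known-archive:{name}"
    if len(data) < MIN_SIZE:
        return "too-small"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "high-entropy-no-header"  # candidate for analyst review
    return "low-entropy"

def constructed_samples() -> dict:
    """Constructed buffers standing in for staged files (not real data)."""
    text = b"2024-01-01 user=alice action=read file=report.docx\n" * 200
    # Deterministic pseudo-random bytes modelling cipher or compressor output.
    random_like = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    return {
        "plain_log": text,
        "gzip_utility": gzip.compress(text),
        "headerless_high_entropy": random_like,
        "single_byte_xor": bytes(b ^ 0x5A for b in text),
    }

if __name__ == "__main__":
    for name, buf in constructed_samples().items():
        print(f"{name:26} H={shannon_entropy(buf):.2f} -> {triage(buf)}")
```

A fixed single-byte XOR leaves byte-frequency entropy unchanged, so the `single_byte_xor` sample is reported as `low-entropy`; this heuristic covers compressed or stream-enciphered output and needs pairing with other telemetry.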