T1560 - Archive Collected Data
Tactics:
Collection
Collection
Platforms:
Linux macOS Windows
Linux macOS Windows
Detection:
Not specified
Not specified
Description:
An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network.(Citation: DOJ GRU Indictment Jul 2018) Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Both compression and encryption are done prior to exfiltration, and can be performed using a utility, 3rd party library, or custom method.
Both compression and encryption are done prior to exfiltration, and can be performed using a utility, 3rd party library, or custom method.
Used by Actors (13)
Malware (20)
Bumblebee other
Exaramel for Windows other
JumbledPath other
Backdoor.Oldrea other
Lurid other
AppleSeed other
NETWIRE other
Aria-body other
Machete other
PowerLess other
Prikormka other
LoFiSe other
VERMIN other
Chrommme other
RunningRAT other
Epic other
LightNeuron other
TAINTEDSCRIBE other
Spica other
KONNI other
Metadata
| MITRE ID: | T1560 |
| STIX ID: | attack-pattern--53ac20cd-aca3-... |
| Platforms: | Linux, macOS, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 21/04/2026 16:00 |