Archive via Custom Method | Technique Detail

Description

An adversary may compress or encrypt data that is collected prior to exfiltration using a custom method. Adversaries may choose to use custom archival methods, such as encryption with XOR or stream ciphers implemented with no external library or utility references. Custom implementations of well-known compression algorithms have also been used.(Citation: ESET Sednit Part 2)

Threat-Mapped Scoring

Threat Score: 0.0

Industry:

Threat Priority: Unclassified

ATT&CK Kill Chain Metadata

Tactics: collection
Platforms: Linux, macOS, Windows
Detection Guidance:
Custom archival methods can be very difficult to detect, since many of them use standard programming language concepts, such as bitwise operations.

Malware

ADVSTORESHELL
Agent.btz
Attor
BLUELIGHT
Duqu
FLASHFLOOD
FoggyWeb
FrameworkPOS
FunnyDream
HAWKBALL
InvisiMole
MESSAGETAP
Machete
NETWIRE
OSX_OCEANLOTUS.D
Okrum
OopsIE
OwaAuth
RGDoor
Ramsay
RawPOS
Reaver
Rising Sun
SPACESHIP
SUGARDUMP
SombRAT
Squirrelwaffle
StrongPity
Stuxnet
T9000
metaMain

APTs (Intrusion Sets)

CopyKittens
FIN6
Kimsuky
Lazarus Group
Lotus Blossom
Mustang Panda

← Back to Home ← Back to TTP Search