ITM is an open framework - Submit your contributions now.

Preparation

Archive Data

Authorization Token Staging

Boot Order Manipulation

CCTV Enumeration

Circumventing Security Controls

Data Obfuscation

Data Staging

Device Mounting

Email Collection

External Media Formatting

File Download

File Exploration

Impersonation

Increase Privileges

Privilege Escalation through Kerberoasting

IT Ticketing System Exploration

Network Scanning

On-Screen Data Collection

Persistent Access via Bots

Physical Disk Removal

Physical Exploration

Physical Item Smuggling

Private / Incognito Browsing

Read Windows Registry

Remote Desktop (RDP)

Security Software Enumeration

Social Engineering (Outbound)

Software Installation

Software or Access Request

Suspicious Web Browsing

Testing Ability to Print

ID: PR017
Created: 31st May 2024
Updated: 23rd October 2025
Platforms: WindowsLinuxMacOS
MITRE ATT&CK®: T1560T1560.001T1560.002T1560.003
Contributor: The ITM Team

Archive Data

A subject uses utilities to compress and/or encrypt collected data prior to exfiltration.

Subsections (4)

ID	Name	Description
PR017.003	Archive via Compression	A subject uses utilities to compress collected data prior to exfiltration.
PR017.004	Archive via Encryption	A subject uses utilities to encrypt collected data prior to exfiltration.
PR017.002	Archive via Library	A subject uses utilities to compress and/or encrypt collected data prior to exfiltration.
PR017.001	Archive via Utility	A subject uses utilities to compress and/or encrypt collected data prior to exfiltration.

Preventions (2)

Detections (1)

MITRE ATT&CK® Mapping (4)

ATT&CK Enterprise Matrix Version 17.1