Home/ MITRE Matrix/ Collection/ T1560

T1560Archive Collected Data

T1560 — Archive Collected Data is a MITRE ATT&CK technique in the Collection tactic. Clankerusecase tracks 4 detection use cases covering it and 3 threat-intel articles citing it.

Collection

View on the matrix → Filter Detection Library MITRE official spec ↗

4Use cases

3Articles

3Sub-techniques

1Tactic

Sub-techniques (3)

T1560.003 · Archive via Custom Method T1560.002 · Archive via Library T1560.001 · Archive via Utility

Use cases covering this technique (4)

Detect Certipy File Modifications ESCU actions · alerting P Windows Archive Collected Data via Powershell ESCU actions · hunting P Windows Archived Collected Data In TEMP Folder ESCU actions · hunting P [LLM] Outbound upload to file.io from non-browser process (CompactGopher exfil) Bespoke actions · alerting DSΣPDDCS

Articles citing this technique (3)

crit A rigged game: ScarCruft compromises gaming platform in a supply-chain attack art-332

crit GopherWhisper: A burrow full of malware art-362

crit LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan art-642