Compression
Compression is the act of reducing the number of bits needed to represent data.
Attackers may use compression to obfuscate the data being transferred, to bundle malware and tools, or to speed up uploads during exfiltration.
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
Nettraveler | malware | 2004-2013 | kaspersky-the-net-traveler-part1-final.pdf |
Jaku | malware | 2015-2016 | report_jaku_analysis_of_botnet_campaign_en_0.pdf |
Poison Ivy | malware | 2005-2013 | fireeye-poison-ivy-report.pdf |
Careto | threat actor | 2008-2014 | unveilingthemask_v1.0.pdf |
Whois Hacking Team | threat actor | 2009-2013 | dissecting-operation-troy.pdf, HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf |
Regin | malware | 2008-2013 | regin-analysis.pdf, Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf, ICIT-Brief-Know-Your-Enemies-2.0.pdf, stamp.jsp?tp=&arnumber=7460498&tag=1 |
APT32 | threat actor | 2014-2017 | SpyRATsofOceanLotusMalwareWhitePaper.pdf, oceanlotus-ships-new-backdoor, oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society |
BlackEnergy | malware | 2015 | ukraine-report-when-the-lights-went-out.pdf, Operation-Potao-Express_final_v2.pdf, blackenergy_whitepaper.pdf |
Preventions
<Mitigation techniques>
Detections
<Detection techniques>
Toolkit
<Toolkit instructions, if applicable>