{'created': '2017-05-31T21:30:19.338Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'An adversary may compress data (e.g., sensitive documents) '
                'that is collected prior to exfiltration in order to make it '
                'portable and minimize the amount of data sent over the '
                'network. The compression is done separately from the '
                'exfiltration channel and is performed using a custom program '
                'or algorithm, or a more common compression library or utility '
                'such as 7zip, RAR, ZIP, or zlib.',
 'external_references': [{'external_id': 'T1002',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1002'},
                         {'description': 'Wikipedia. (2016, March 31). List of '
                                         'file signatures. Retrieved April 22, '
                                         '2016.',
                          'source_name': 'Wikipedia File Header Signatures',
                          'url': 'https://en.wikipedia.org/wiki/List_of_file_signatures'}],
 'id': 'attack-pattern--b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'exfiltration'}],
 'modified': '2025-10-24T17:49:17.460Z',
 'name': 'Data Compressed',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': True,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': False,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Linux', 'Windows', 'macOS'],
 'x_mitre_version': '1.1'}