{
    "type": "bundle",
    "id": "bundle--a56bff3e-091f-4662-8287-01f8656d02bf",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "course-of-action--28adf6fd-ab6c-4553-9aa7-cef18a191f33",
            "type": "course-of-action",
            "created": "2018-10-17T00:14:20.652Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "external_id": "T1002",
                    "url": "https://attack.mitre.org/mitigations/T1002",
                    "source_name": "mitre-attack"
                },
                {
                    "source_name": "Beechey 2010",
                    "description": "Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.",
                    "url": "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"
                },
                {
                    "url": "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html",
                    "description": "Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.",
                    "source_name": "Windows Commands JPCERT"
                },
                {
                    "url": "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm",
                    "description": "NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. Retrieved March 31, 2016.",
                    "source_name": "NSA MS AppLocker"
                },
                {
                    "source_name": "Corio 2008",
                    "description": "Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.",
                    "url": "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx"
                },
                {
                    "source_name": "TechNet Applocker vs SRP",
                    "description": "Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.",
                    "url": "https://technet.microsoft.com/en-us/library/ee791851.aspx"
                }
            ],
            "modified": "2020-01-17T16:45:23.683Z",
            "name": "Data Compressed Mitigation",
            "description": "Identify unnecessary system utilities, third-party tools, or potentially malicious software that may be used to compress files, and audit and/or block them by using whitelisting (Citation: Beechey 2010) tools, like AppLocker, (Citation: Windows Commands JPCERT) (Citation: NSA MS AppLocker) or Software Restriction Policies (Citation: Corio 2008) where appropriate. (Citation: TechNet Applocker vs SRP)\n\nIf network intrusion prevention or data loss prevention tools are set to block specific file types from leaving the network over unencrypted channels, then an adversary may move to an encrypted channel.",
            "x_mitre_deprecated": true,
            "x_mitre_version": "1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}