Obfuscated Files or Information

Sub-techniques (17)

ID	Name
ATAGS-T1104.001	Binary Padding
ATAGS-T1104.002	Command Obfuscation
ATAGS-T1104.003	Compile After Delivery
ATAGS-T1104.004	Compression
ATAGS-T1104.005	Dynamic API Resolution
ATAGS-T1104.006	Embedded Payloads
ATAGS-T1104.007	Encrypted/Encoded File
ATAGS-T1104.008	Fileless Storage
ATAGS-T1104.009	HTML Smuggling
ATAGS-T1104.010	Indicator Removal from Tools
ATAGS-T1104.011	Junk Code Insertion
ATAGS-T1104.012	LNK Icon Smuggling
ATAGS-T1104.013	Polymorphic Code
ATAGS-T1104.014	Software Packing
ATAGS-T1104.015	Steganography
ATAGS-T1104.016	Stripped Payloads
ATAGS-T1104.017	SVG Smuggling

Threat actors may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.

ID: ATAGS-T1104

Sub-techniques: ATAGS-T1104.001, ATAGS-T1104.002, ATAGS-T1104.003, ATAGS-T1104.004, ATAGS-T1104.005, ATAGS-T1104.006, ATAGS-T1104.007, ATAGS-T1104.008, ATAGS-T1104.009, ATAGS-T1104.010, ATAGS-T1104.011, ATAGS-T1104.012, ATAGS-T1104.013, ATAGS-T1104.014, ATAGS-T1104.015, ATAGS-T1104.016, ATAGS-T1104.017

ⓘ

Tactic: Defense Evasion

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.