Obfuscated Files or Information: Binary Padding

Other sub-techniques of Obfuscated Files or Information (17)

ID	Name
ATAGS-T1104.001	Binary Padding
ATAGS-T1104.002	Command Obfuscation
ATAGS-T1104.003	Compile After Delivery
ATAGS-T1104.004	Compression
ATAGS-T1104.005	Dynamic API Resolution
ATAGS-T1104.006	Embedded Payloads
ATAGS-T1104.007	Encrypted/Encoded File
ATAGS-T1104.008	Fileless Storage
ATAGS-T1104.009	HTML Smuggling
ATAGS-T1104.010	Indicator Removal from Tools
ATAGS-T1104.011	Junk Code Insertion
ATAGS-T1104.012	LNK Icon Smuggling
ATAGS-T1104.013	Polymorphic Code
ATAGS-T1104.014	Software Packing
ATAGS-T1104.015	Steganography
ATAGS-T1104.016	Stripped Payloads
ATAGS-T1104.017	SVG Smuggling

Threat Actors may use binary padding to add junk data and change the on-disk representation of malware. This can be done without affecting the functionality or behavior of a binary, but can increase the size of the binary beyond what some security tools are capable of handling due to file size limitations.

ID: ATAGS-T1104.001

Sub-technique of: ATAGS-T1104

ⓘ

Tactic: Defense Evasion

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.