Obfuscated Files or Information: Command Obfuscation

Other sub-techniques of Obfuscated Files or Information (17)

ID	Name
ATAGS-T1104.001	Binary Padding
ATAGS-T1104.002	Command Obfuscation
ATAGS-T1104.003	Compile After Delivery
ATAGS-T1104.004	Compression
ATAGS-T1104.005	Dynamic API Resolution
ATAGS-T1104.006	Embedded Payloads
ATAGS-T1104.007	Encrypted/Encoded File
ATAGS-T1104.008	Fileless Storage
ATAGS-T1104.009	HTML Smuggling
ATAGS-T1104.010	Indicator Removal from Tools
ATAGS-T1104.011	Junk Code Insertion
ATAGS-T1104.012	LNK Icon Smuggling
ATAGS-T1104.013	Polymorphic Code
ATAGS-T1104.014	Software Packing
ATAGS-T1104.015	Steganography
ATAGS-T1104.016	Stripped Payloads
ATAGS-T1104.017	SVG Smuggling

Threat Actors may obfuscate content during command execution to impede detection. Command-line obfuscation is a method of making strings and patterns within commands and scripts more difficult to signature and analyze. This type of obfuscation can be included within commands executed by delivered payloads (e.g., Phishing and Drive-by Compromise) or interactively via Command and Scripting Interpreter.

ID: ATAGS-T1104.002

Sub-technique of: ATAGS-T1104

ⓘ

Tactic: Defense Evasion

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.