Obfuscated Files or Information: Compression

Other sub-techniques of Obfuscated Files or Information (17)

ID	Name
ATAGS-T1104.001	Binary Padding
ATAGS-T1104.002	Command Obfuscation
ATAGS-T1104.003	Compile After Delivery
ATAGS-T1104.004	Compression
ATAGS-T1104.005	Dynamic API Resolution
ATAGS-T1104.006	Embedded Payloads
ATAGS-T1104.007	Encrypted/Encoded File
ATAGS-T1104.008	Fileless Storage
ATAGS-T1104.009	HTML Smuggling
ATAGS-T1104.010	Indicator Removal from Tools
ATAGS-T1104.011	Junk Code Insertion
ATAGS-T1104.012	LNK Icon Smuggling
ATAGS-T1104.013	Polymorphic Code
ATAGS-T1104.014	Software Packing
ATAGS-T1104.015	Steganography
ATAGS-T1104.016	Stripped Payloads
ATAGS-T1104.017	SVG Smuggling

Threat Actors may use compression to obfuscate their payloads or files. Compressed file formats such as ZIP, gzip, 7z, and RAR can compress and archive multiple files together to make it easier and faster to transfer files. In addition to compressing files, Threat Actors may also compress shellcode directly - for example, in order to store it in a Windows Registry key (i.e., Fileless Storage).

ID: ATAGS-T1104.004

Sub-technique of: ATAGS-T1104

ⓘ

Tactic: Defense Evasion

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.