EXPLORE
Sign In
← Back to Explore
T1027.015

Compression

Adversaries may use compression to obfuscate their payloads or files. Compressed file formats such as ZIP, gzip, 7z, and RAR can compress and archive multiple files together to make it easier and faster to transfer files. In addition to compressing files, adversaries may also compress shellcode directly - for example, in order to store it in a Windows Registry key (i.e., [Fileless Storage](https://attack.mitre.org/techniques/T1027/011)).(Citation: Trustwave Pillowmint June 2020) In order to fur...

LinuxWindowsmacOS
2
Detections
1
Sources
7
Threat Actors

BY SOURCE

2elastic

PROCEDURES (2)

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

THREAT ACTORS (7)

Gamaredon GroupHigaisaLeviathanMofangMoleratsTA2541Threat Group-3390

DETECTIONS (2)

PowerShell Suspicious Payload Encoded and Compressed
elastichigh
Suspicious Content Extracted or Decompressed via Funzip
elasticmedium