Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Payloads may be compressed, archived, or encrypted in order to avoid detection. These payloads may be used during Initial Access or later to mitigate detection. Sometimes a user's action may be required to open and Deobfuscate/Decode Files or Information for User Execution. The user may also be required to input a password to open a password-protected compressed/encrypted file that was provided by the adversary. Adversaries may also use compressed or archived scripts, such as JavaScript.
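For triage of the password-protected archives and archived scripts described above, the following added example (not part of the original page) reads ZIP metadata only and reports which entries are marked encrypted and which carry script extensions. The function names, the extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed list of script extensions worth flagging; adjust to local policy.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta", ".ps1")
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag field


def triage_zip(data: bytes) -> list[dict]:
    """Return per-entry metadata without extracting or decrypting anything."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with archive:
        for info in archive.infolist():
            findings.append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
                "script": info.filename.lower().endswith(SCRIPT_EXTS),
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: two stored entries, the first marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.js", "placeholder content")
        zf.writestr("readme.txt", "placeholder content")
    raw = bytearray(buf.getvalue())
    # The stdlib cannot write encrypted entries, so set the flag bit by hand
    # in the first local header (offset 6) and first central header (offset 8).
    raw[raw.find(b"PK\x03\x04") + 6] |= ENCRYPTED_FLAG
    raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    for entry in triage_zip(build_sample()):
        print(entry)
```

An entry that is both encrypted and a script is a useful signal to route the archive to manual review, since content scanners cannot inspect it without the password.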