curl
Transfer data to or from a server. Commonly used for downloading payloads, exfiltration, and C2 communication.
Binary Paths
/usr/bin/curl/bin/curl
Glob Patterns
| Pattern | Wildcards | Notes |
|---|---|---|
cur?
|
? | Single wildcard replaces 'l' |
c*l
|
* | Star matches 'ur' |
cu[r]l
|
[] | Character class around 'r' |
c?r?
|
? | Two wildcards replace 'u' and 'l' |
/usr/bin/cur?
|
? | Full path, wildcard on last char |
/???/bin/curl
|
? | Obfuscate /usr/ prefix |
/usr/*/cur?
|
* ? | Combined wildcards on directory and command |
cur[l]
|
[] | Bracket class on final char |
c[u]rl
|
[] | Bracket class on second char |
/???/???/c*
|
? * | Full path obfuscation with mixed wildcards |