rsync

Linux exfiltration T1048

Fast, versatile file copying tool. Supports remote file sync over SSH — useful for exfiltration, payload staging, and lateral file movement.

Binary Paths

  • /usr/bin/rsync
  • /usr/local/bin/rsync

Glob Patterns

Pattern Notes
rsyn?
Wildcard replaces 'c'
r*c
Star matches 'syn'
rs[y]nc
Bracket class on third char
r?ync
Wildcard replaces 's'
rsyn[c]
Bracket class on last char
/usr/bin/rsyn?
Full path wildcard
/???/bin/r*c
Full path mixed wildcards

Pattern Tester

$

Try typing rsync or a full path like /usr/bin/rsync

YARA Rule

Auto-generated detection rule for rsync 

      

    


    

    
    

      
Resources

      
    

    

    

  


  

    
    
    
    
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
      
    
      
    

      
      
        ← Previous
        replace
      
      

      Catalog

      
      
        Next →
        ruby