tar

Linux exfiltration T1560.001

Archive utility. Used to compress and exfiltrate data, or extract attacker-controlled archives that may include path traversal payloads.

Binary Paths

  • /bin/tar
  • /usr/bin/tar

Glob Patterns

Pattern Wildcards Notes
ta?
? Wildcard replaces 'r'
t*r
* Star matches 'a'
t[a]r
[] Bracket class on second char
ta[r]
[] Bracket class on last char
/bin/ta?
? Full path wildcard
/???/bin/tar
? Directory obfuscation
/b?n/t*r
? * Mixed wildcards

Resources

← Back to Catalog