tar

Linux exfiltration T1560.001

Archive utility. Used to compress and exfiltrate data, or extract attacker-controlled archives that may include path traversal payloads.

Binary Paths

  • /bin/tar
  • /usr/bin/tar

Glob Patterns

| Pattern | Notes |
|---------|-------|
| `ta?` | Wildcard replaces 'r' |
| `t*r` | Star matches 'a' |
| `t[a]r` | Bracket class on second char |
| `ta[r]` | Bracket class on last char |
| `/bin/ta?` | Full path wildcard |
| `/???/bin/tar` | Directory obfuscation |
| `/b?n/t*r` | Mixed wildcards |

YARA Rule

Auto-generated detection rule for tar

      
