Unix5 abuse funcs
tartar
Platform
Unix
Abuse functions
5
Description
tar is a Unix living-off-the-land binary catalogued by the GTFOBins. Documented abuse functions: download, file-read, file-write, shell, upload. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1005, T1059, T1105, T1565, T1567. Defenders should monitor execution of tar under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.
Abuse functions· 5
download
sudosuidunprivileged
file-read
sudosuidunprivileged
file-write
sudosuidunprivileged
shell
sudosuidunprivileged
upload
sudosuidunprivileged
Abuses5
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Data from Local Systemt1005 | 100% | live |
| Technique | Exfiltration Over Web Servicet1567 | 100% | live |
| Technique | Data Manipulationt1565 | 100% | live |
| Technique | Command and Scripting Interpretert1059 | 90% | live |
| Technique | Ingress Tool Transfert1105 | 85% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.