Windows

Tar.exeTar.exe

Platform
Windows
Abuse functions
3
Mapped techniques
2

Description

Tar.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: ADS, Copy. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1564.004. Defenders should monitor execution of Tar.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 3

Can be used to evade defensive countermeasures, or to hide as part of a persistence mechanism

Can be used to evade defensive countermeasures, or to hide as part of a persistence mechanism

CopyT1105

Copy files

MITRE ATT&CK techniques· 2

T1564.004T1105

Uses2

TypeTargetConfidenceTier
SubTechniqueNTFS File Attributest1564.004100%live
TechniqueIngress Tool Transfert1105100%live

Abuses1

TypeTargetConfidenceTier
SubTechniqueNTFS File Attributest1564.00490%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
tar
LOLbin
te.exe
LOLbin
At.exe
LOLbin
Expand.exe
LOLbin
Extrac32.exe
LOLbin
Tttracer.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.