Used by Windows to extract and create archives.
Paths:
- C:\Windows\System32\tar.exe
Resources:
Detection:
- IOC: tar.exe extracting files from a remote host within the environment
Copy
Extracts archive.tar from the remote (internal) host (host1) to the current host.
tar -xf \\host1\archive.tar
Usecase: Copy files
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1105