Alert Details - DeFender X

Alert Information High

Alert ID: ind:b4ebfd0a1e2447bcb45b3b72c5794e0e:36350827-5733-903184
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:b4ebfd0a1e2447bcb45b3b72c5794e0e:36350827-5733-903184
설명: A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files. Detection is based on a high degree of entropy, packing, anti-malware evasion, or other similarity to known malware.
호스트: DWSHIN
상태: new
생성 시간: 2025-12-09 11:32:34
업데이트 시간: 2025-12-09 12:31:34

MITRE ATT&CK

Tactic: Machine Learning
Technique: Sensor-based ML

Command Line

C:\Windows\Explorer.EXE

Raw JSON Data

{"id":"ind:b4ebfd0a1e2447bcb45b3b72c5794e0e:36350827-5733-903184","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:b4ebfd0a1e2447bcb45b3b72c5794e0e:36350827-5733-903184","agent_id":"b4ebfd0a1e2447bcb45b3b72c5794e0e","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files. Detection is based on a high degree of entropy, packing, anti-malware evasion, or other similarity to known malware.","severity":70,"severity_name":"High","confidence":70,"tactic":"Machine Learning","tactic_id":"CSTA0004","technique":"Sensor-based ML","technique_id":"CST0007","cmdline":"C:\\Windows\\Explorer.EXE","filename":"explorer.exe","filepath":"\\Device\\HarddiskVolume3\\Windows\\explorer.exe","sha256":"d1aa0ceb01cca76a88f9ee0c5817d24e7a15ad40768430373ae3009a619e2691","status":"new","type":"ldt","created_timestamp":"2025-12-09T02:32:34.778329826Z","updated_timestamp":"2025-12-09T03:31:34.770647822Z","device":{"device_id":"b4ebfd0a1e2447bcb45b3b72c5794e0e","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.29.20108.0","hostname":"DWSHIN","local_ip":"26.26.26.1","external_ip":"211.198.135.5","mac_address":"00-ff-15-bf-2c-c0","platform_name":"Windows","os_version":"Windows 11"},"aggregate_id":"aggind:b4ebfd0a1e2447bcb45b3b72c5794e0e:1279796","CreatedAt":"2025-12-09T11:32:34.7783298+09:00","UpdatedAt":"2025-12-09T12:31:34.7706478+09:00"}

Quick Info

Severity High
Score 70
Agent ID b4ebfd0a1e2447bcb45b3b72c5794e0e

Actions

Falcon Console에서 보기 목록으로 돌아가기