| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-22 01:19 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-22 01:19 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-22 01:19 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-22 01:17 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-22 01:17 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-22 01:17 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 22:09 |
|
| High |
80% |
ldt |
localhost.localdomain |
The commands executed on this CLI are suspicious and may be related to malicious activity. Review the commands to see if they are expected. |
Execution |
12-20 22:09 |
|
| Critical |
50% |
ldt |
localhost.localdomain |
A reverse shell has been detected on your host. It may provide adversaries with an interactive terminal. Check the process tree to determine if this access was expected. |
Execution |
12-20 22:09 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 22:09 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 22:09 |
|
| High |
80% |
ldt |
localhost.localdomain |
A process accessed data from the local file system. This might indicate an attempt to steal information. Review the accessed files and process tree. |
Collection |
12-20 21:57 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:57 |
|
| High |
80% |
ldt |
localhost.localdomain |
A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected. |
Persistence |
12-20 21:54 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity may be related to an adversary exfiltrating data from this host. Validate whether this data transfer is sanctioned. |
Exfiltration |
12-20 21:54 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:53 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:53 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:49 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:49 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:48 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:48 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:48 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:48 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:48 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:48 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:48 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:44 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:44 |
|
| High |
80% |
ldt |
localhost.localdomain |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:42 |
|
| Critical |
50% |
ldt |
localhost.localdomain |
A reverse shell has been detected on your host. It may provide adversaries with an interactive terminal. Check the process tree to determine if this access was expected. |
Execution |
12-20 21:39 |
|
| High |
80% |
ldt |
localhost.localdomain |
The commands executed on this CLI are suspicious and may be related to malicious activity. Review the commands to see if they are expected. |
Execution |
12-20 21:39 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|
| High |
80% |
ldt |
localhost.localdomain |
A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected. |
Persistence |
12-20 21:39 |
|
| High |
80% |
ldt |
localhost.localdomain |
A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected. |
Persistence |
12-20 21:39 |
|
| High |
80% |
ldt |
localhost.localdomain |
A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected. |
Persistence |
12-20 21:39 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 16:03 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 16:00 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:58 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:56 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:54 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:51 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:49 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:47 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:44 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:42 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:40 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:37 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:35 |
|
| High |
80% |
ldt |
localhost.localdomain |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 15:35 |
|