| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-22 01:19 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-22 01:19 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-22 01:19 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-22 01:17 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-22 01:17 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-22 01:17 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 22:17 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 22:09 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 22:09 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 22:09 |
|
| High |
80% |
ldt |
siemdev-14 |
A script launched with a command line that is often associated with Cryptomining software. If this is unexpected, review the process tree. |
Execution |
12-20 22:08 |
|
| High |
80% |
ldt |
siemdev-14 |
An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected. |
Command and Control |
12-20 22:08 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:57 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:56 |
|
| High |
80% |
ldt |
siemdev-14 |
A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected. |
Persistence |
12-20 21:54 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:53 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:53 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:53 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:49 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:49 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:48 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:48 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:48 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:48 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:48 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:48 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:44 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:44 |
|
| High |
80% |
ldt |
siemdev-14 |
A process attempted to contact a remote command and control server. This may indicate the host is compromised. |
Command and Control |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:40 |
|
| Critical |
50% |
ldt |
siemdev-14 |
A reverse shell has been detected on your host. It may provide adversaries with an interactive terminal. Check the process tree to determine if this access was expected. |
Execution |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. |
Persistence |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:40 |
|
| High |
80% |
ldt |
siemdev-14 |
The commands executed on this CLI are suspicious and may be related to malicious activity. Review the commands to see if they are expected. |
Execution |
12-20 21:39 |
|
| Critical |
50% |
ldt |
siemdev-14 |
A reverse shell has been detected on your host. It may provide adversaries with an interactive terminal. Check the process tree to determine if this access was expected. |
Execution |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected. |
Persistence |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected. |
Persistence |
12-20 21:39 |
|
| High |
80% |
ldt |
siemdev-14 |
Bash has created an interactive terminal for a remote host. Check the process tree to determine if malicious commands were executed and if this access was expected. |
Command and Control |
12-20 21:39 |
|