Back to list

Medium CINC-20251220-9AB3B10A new

Aggregate ID: aggind:021368f9220b45cdb2760a069897c1c8:17421985213

Incident ID CINC-20251220-9AB3B10A

Severity Medium (70)

Status new

Alert Count 1

Host Count 1

First Seen 2025-12-14 00:30:24

Last Seen 2025-12-14 00:30:24

Duration 0d 0h 0m

Created 2025-12-20 13:23

Updated 2026-01-13 15:14

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...

Observed Tactics:

Techniques:

Severity	Status	Hostname	Description	Tactic	Command Line	Time
High	new	siemdev-14	A process appears to be accessing credentials, likely in an attempt to steal passwords. If the activity is not sanctioned, your credentials may have been compromised.	Credential Access	bash -c cat /etc/shadow && unshadow /etc/passwd /etc/shadow 2>/dev/null	12-14 00:30