Incident Overview

Incident ID CINC-20251220-DA5AD570
Severity Medium (70)
Status new
Alert Count 1
Host Count 1

Timeline

First Seen 2025-12-13 12:31:26
Last Seen 2025-12-13 12:31:26
Duration 0d 0h 0m
Created 2025-12-20 13:23
Updated 2026-01-13 15:14

Kill Chain Analysis

Observed Tactics:
Execution
Techniques:
Exploitation for Client Execution

Affected Hosts (1)

localhost.localdomain

Related Alerts (1)

Severity High
Status new
Hostname localhost.localdomain
Description A defense evasion technique has been detected in this session. Adversaries can make changes to your hosts in order to evade detection or impair investigation. Review the processes executed in this session.
Tactic Execution
Command Line bash -c echo '/tmp/evil.so' > /etc/ld.so.preload.test 2>/dev/null; rm -f /etc/ld.so.preload.test
Time 12-13 12:31