MEDIUM Perl script connecting to network

Detected ID: #31724 | Detected: 2026-01-13 15:19:56 | Execution
View Incident Back
Alert Overview

Process action type = execution AND target process cmd = *socket*connect*sock_stream*, *socket*sock_stream*connect* AND target process name = perl

Unclassified
XDR BIOC
New
DS:PANW/XDR Agent DOM:Security
Host Information
in-bridge-40
172.30.1.19
in-bridge-40\dsst
afa8597c6069424e8b26ac7eb3cdaae4
-
Process Information Process Execution
Actor Process (Executor)
Process Name timeout
Path /usr/bin/timeout
PID 570540
SHA256 8d21b4cf1b204cc2387377a63c542ecdd0ae0895613db67ceb7da1e253110741 VT
MD5 aad1cf7dc891dcc413cb85200ba3116d 
timeout 2 perl -e use Socket;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));connect(S,sockaddr_in(4444,inet_aton("10.10.10.10")));
Action Process (Target)
Process Name perl
SHA256 367271e451185cad9ba61d13aa9bcbc60f880814eb77e171cbecf05f9077badd VT 
perl -e use Socket;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));connect(S,sockaddr_in(4444,inet_aton("10.10.10.10")));
Parent Process (Causality)
Process Name sshd
Path /usr/sbin/sshd
SHA256 090ecdb53316ebadc17949e4699540588dcb0896dbb0a8ae93da72a8e20ad781 VT
MD5 ed2dbc5f1b4c5ab0cce023904ed1db69 
sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
MITRE ATT&CK Mapping
TA0002 - Execution
T1059.004 - Command and Scripting Interpreter: Unix Shell
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
MEDIUM

Review and assess impact

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict