HIGH Persistency - 779040014

Prevented (Blocked) ID: #8648 | Detected: 2026-01-05 23:30:20 | Malware
Alert Overview

Remote shell persistency acquired using the crontab mechanism

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
in-bridge-40
root
00:0c:29:c8:eb:b6
Process Information
Process Execution
Actor Process (Executor)
Process Name sshd
Path /usr/sbin/sshd
PID 169507
SHA256 090ecdb53316ebadc17949e4699540588dcb0896dbb0a8ae93da72a8e20ad781
MD5 ed2dbc5f1b4c5ab0cce023904ed1db69
sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Parent Process (Causality)
Process Name sshd
Path /usr/sbin/sshd
SHA256 090ecdb53316ebadc17949e4699540588dcb0896dbb0a8ae93da72a8e20ad781
sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict