We have been seeing a lot of events on one of the Linux host and they all have same details are successfully handled. This is an Artimis detection. I assume curl is trying to execute some commands however, I'm not sure how to troubleshoot this scenario and get to the root cause of it. As per Virutotal Information, this appears to be crypto Mining related attempt.
Please advise how can we investigate
- What curl is trying to execute
- Where these jobs are scheduled to run and what are they
Re: Malware events triggering frequently on CentOS
Not sure if its been shared with others I have validated in SIEM if there are any connections to this server from outside or not however, couldn't find any suspicious connections. They are getting detected \ deleted and there are no pending deletion malware events so would scanning the server offline be still helpful ? These are generating almost every min.
So I was looking for some guidance on how to check curl execution history and some commands which will be helpful to see process is creating it.