logo

Defence Impairment Olympics

ID: f2d93fb4-8731-52ac-80de-d91cb35f6834

STIX ID: report--f2d93fb4-8731-52ac-80de-d91cb35f6834

Feed Name: Huntress Blog

Threat Score
75/100

Date Published: 2026-06-29

Date Updated: 2026-07-02

...
...

Huntress investigated a web server compromise where attackers uploaded steganographic webshells (multiple .aspx/.php files) and executed a defence-impairment batch script (i.bat) that disabled IIS logging and Microsoft Defender, killed logging/security processes, removed a WAF module, used timestomping, applied IFEO debuggers, attempted WMI-based log clearing, and dumped credentials using Mimikatz-related tools; the report details observed commands, registry modifications, cleanup steps, and provides IoCs and mitigation recommendations.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.