Defence Impairment Olympics
ID: f2d93fb4-8731-52ac-80de-d91cb35f6834
STIX ID: report--f2d93fb4-8731-52ac-80de-d91cb35f6834
Feed Name: Huntress Blog
Huntress investigated a web server compromise where attackers uploaded steganographic webshells (multiple .aspx/.php files) and executed a defence-impairment batch script (i.bat) that disabled IIS logging and Microsoft Defender, killed logging/security processes, removed a WAF module, used timestomping, applied IFEO debuggers, attempted WMI-based log clearing, and dumped credentials using Mimikatz-related tools; the report details observed commands, registry modifications, cleanup steps, and provides IoCs and mitigation recommendations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
