Threat Research

    UAT-8099 is an active threat actor targeting vulnerable Internet Information Services (IIS) servers across Asia, with a strong focus on Thailand and Vietnam from late 2025 to early 2026. The campaign shows significant overlap with the WEBJACK operation, sharing malware hashes, C2 infrastructure, and victimology....
    Detects attempts to remove Internet Information Services (IIS) log files using command‑line tools — a frequently used defense‑evasion tactic where attackers erase evidence of their activity. Adversaries commonly exploit vulnerabilities in web applications hosted on IIS to gain initial access, and then delete IIS logs to hinder forensic analysis and avoid detection....