TI Mindmap HUB
Threat Intelligence Report

Flask C2 & MSSQL CLR Backdoor on a Windows Post-Exploitation Staging Host

๐Ÿ“… June 14, 2026 ๐Ÿ“ฐ the-hunters-ledger.com ๐Ÿ” 1 CVE(s) referenced

A single-host, idle campaign combines a bespoke, sandbox-evasive MSSQL CLR backdoor and a minimalist Flask C2 with public privilege-escalation tools to enable SYSTEM-to-domain compromise on Windows targets, yet currently shows no confirmed victims or active operations.

unclassified
CVE-2026-20817

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle