ET MALWARE Mystic Stealer C2 Session Key Response Packet
Sourceet/open
Fileemerging-malware.rules
CreatedJune 16, 2023
UpdatedMarch 14, 2024
Classificationtrojan-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Mystic Stealer C2 Session Key Response Packet"; flow:established,to_client ; flowbits:isset, mystic_stealer_conn_init ; dsize:256; stream_size:client,=,5 ; stream_size:server,=,257 ; reference:md5,df80b1e50cfebb0c4dbf5ac51c5d7254 ; reference:url,inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block ; reference:url,www.zscaler.com/blogs/security-research/mystic-stealer ; classtype:trojan-activity; sid:2046295; rev:3; metadata:attack_target Client_Endpoint, created_at 2023_06_16, deployment Perimeter, malware_family Mystic, performance_impact Significant, confidence Medium, signature_severity Major, tag Stealer, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)
References
| md5 | df80b1e50cfebb0c4dbf5ac51c5d7254 |
| url | inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block |
| url | www.zscaler.com/blogs/security-research/mystic-stealer |
Metadata
attack targetClient_Endpoint
created at2023_06_16
deploymentPerimeter
malware familyMystic
performance impactSignificant
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!