ET MALWARE Mystic Stealer C2 Session Key Response Packet

7.0.35.0SID: 2046295Rev: 3Disabled11 views
Sourceet/open
Fileemerging-malware.rules
CreatedJune 16, 2023
UpdatedMarch 14, 2024
Classificationtrojan-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Mystic Stealer C2 Session Key Response Packet"; flow:established,to_client; flowbits:isset, mystic_stealer_conn_init; dsize:256; stream_size:client,=,5; stream_size:server,=,257; reference:md5,df80b1e50cfebb0c4dbf5ac51c5d7254; reference:url,inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block; reference:url,www.zscaler.com/blogs/security-research/mystic-stealer; classtype:trojan-activity; sid:2046295; rev:3; metadata:attack_target Client_Endpoint, created_at 2023_06_16, deployment Perimeter, malware_family Mystic, performance_impact Significant, confidence Medium, signature_severity Major, tag Stealer, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)

Metadata

attack targetClient_Endpoint
created at2023_06_16
deploymentPerimeter
malware familyMystic
performance impactSignificant
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!