ET MALWARE Mystic Stealer C2 Client Hello Packet

SID: 2046294Rev: 312 viewsHistory

Sourceet/open

CreatedJune 16, 2023

UpdatedJanuary 31, 2024

Classificationtrojan-activity

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Mystic Stealer C2 Client Hello Packet"; flow:established,to_server; content:"|b5 19 6f 94|"; fast_pattern; dsize:4; stream_size:client,=,5; stream_size:server,=,1; flowbits:set, mystic_stealer_conn_init; reference:md5,df80b1e50cfebb0c4dbf5ac51c5d7254; reference:url,inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block; reference:url,www.zscaler.com/blogs/security-research/mystic-stealer; classtype:trojan-activity; sid:2046294; rev:3; metadata:attack_target Client_Endpoint, created_at 2023_06_16, deployment Perimeter, malware_family Mystic, confidence High, signature_severity Major, tag Stealer, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_31;)

References

md5	df80b1e50cfebb0c4dbf5ac51c5d7254 Google Search Brave Search
url	inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block
url	www.zscaler.com/blogs/security-research/mystic-stealer

Metadata

attack targetClient_Endpoint

created at2023_06_16

deploymentPerimeter

malware familyMystic

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2024_01_31

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!