MysticStealer C2 Panel 88b6ef2f

Detects the Mystic stealer C2 panel page.

As the page likes to broadcast the fact that it is a Mystic Stealer C2 page in the title.

References

https://twitter.com/0xrb/status/1653364901384003585
https://urlscan.io/result/5d326ed9-3bcc-40f3-9fd2-2bdea6fd800f
https://urlscan.io/result/3fdaf5e7-a741-4cb8-8fa9-dedb00b1672b

IOK Rule (edit)

title: MysticStealer C2 Panel 88b6ef2f
description: | 
  Detects the `Mystic` stealer C2 panel page. 
  
  As the page likes to broadcast the fact that
  it is a Mystic Stealer C2 page in the title.

references: 
  - https://twitter.com/0xrb/status/1653364901384003585
  - https://urlscan.io/result/5d326ed9-3bcc-40f3-9fd2-2bdea6fd800f
  - https://urlscan.io/result/3fdaf5e7-a741-4cb8-8fa9-dedb00b1672b

detection: 

  pageTitle: 
    html|contains: '        Mystic Stealer -  Login'
  
  cssFile:
    requests|contains: 'datta-icon.css'

  condition: pageTitle and cssFile


tags: 
  - malware.mystic
  - malware