Mystic Stealer
Common Information
Type Value
UUID 5af9bfdc-8988-471e-be2c-ff4027ea58dc
Fingerprint 2dbcf8d4aa36be87
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 18, 2023, midnight
Added to db Nov. 19, 2023, 3:54 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Zscaler Blog
Title Mystic Stealer
Detected Hints/Tags/Attributes 126/4/119
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 406 Security Research | Blog Category Feed https://www.zscaler.com/blogs/feeds/security-research 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Autonomous System Number 15
AS24940
Details Autonomous System Number 40
AS16276
Details Autonomous System Number 8
AS210644
Details Autonomous System Number 5
AS207713
Details Autonomous System Number 6
AS204603
Details Autonomous System Number 5
AS58061
Details Autonomous System Number 2
AS46308
Details Autonomous System Number 2
AS202973
Details Email 2
grand.bbs@yandex.ru
Details File 748
kernel32.dll
Details File 229
advapi32.dll
Details File 33
gdiplus.dll
Details File 83
crypt32.dll
Details File 291
user32.dll
Details File 130
ws2_32.dll
Details File 86
ole32.dll
Details File 76
gdi32.dll
Details File 533
ntdll.dll
Details File 2
1367.exe
Details File 175
update.exe
Details File 2
qawsed.exe
Details File 2
894d.exe
Details File 15
ips.txt
Details Github username 4
phish-report
Details Github username 5
montysecurity
Details Url 2
https://www.broadcom.com/support/security-center/protection-bulletin?#blt6304f750388759f4_en
Details Url 1
https://twitter.com/yeti_sec/status/1638537367567958016
Details Url 1
https://twitter.com/sloppy_bear/status/1638713241198030850
Details Url 1
https://twitter.com/threatintel/status/1638743922204876800
Details Url 1
https://twitter.com/_montysecurity/status/1643164749599834112
Details Url 1
https://twitter.com/groupib_ti/status/1651199735049469953
Details Url 1
https://twitter.com/dailydarkweb/status/1652070191285821440
Details Url 1
https://twitter.com/falconfeedsio/status/1653355558605299713
Details Url 1
https://twitter.com/0xrb/status/1653364901384003585
Details Url 1
https://twitter.com/crocodylii/status/1653761115493486593
Details Url 2
https://ioc.exchange
Details Url 1
https://twitter.com/inquest/status/1654498173069426691
Details Url 2
https://twitter.com/connectraek/status/1656232673243983873
Details Url 2
https://www.zerofox.com/blog/underground-economist-volume-3-issue-9
Details Url 1
https://twitter.com/falconfeedsio/status/1659106113424355328
Details Url 1
https://twitter.com/mikyrov/status/1661016035766702091
Details Url 1
https://twitter.com/falconfeedsio/status/1662038253791322112
Details Url 2
https://github.com/phish-report/iok/blob/main/indicators/mystic-stealer-88b6ef2f.yml
Details Url 2
https://github.com/montysecurity/c2-tracker/blob/main/data/mystic
Details Url 6
https://www.google.com/search?q=
Details Url 2
https://threatfox.abuse.ch/browse/tag/mystic
Details Url 2
https://urlscan.io/search/#page.title
Details Url 2
https://urlscan.io/search#page.title
Details Url 2
https://urlscan.io/search/#hash:faf14cca1e17a7676c15266507219e3319943b19e21287015b9c968f0244fde2
Details Url 3
https://urlscan.io/search/#task.tags
Details Url 3
https://phish.report/iok/indicators/mystic-stealer-88b6ef2f
Details Url 2
https://www.virustotal.com/gui/collection/96ec0e1c018e476d981aa206a657960e5be05cb5383ae5a7fbb274611a9ccdcc
Details Url 2
https://twitter.com/hashtag/mysticstealer?f=live