Mystic Stealer Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 132
ru: 98
fr: 92
pl: 90
zh: 84

Country

fr: 92
ru: 90
pl: 90
de: 76
es: 74

Product

Tenda W15E: 8
Tenda i21: 6
MailCleaner: 4
GOG Galaxy: 4
ISC BIND: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.17 | CVE-2024-4327 |
| 2 | MailCleaner Email os command injection | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.17 | CVE-2024-3191 |
| 3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.15 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface cross site scripting | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.15 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.07 | CVE-2024-3193 |
| 7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 8 | Extend Themes Teluro Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33688 |
| 9 | Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08808 | 0.03 | CVE-2021-44790 |
| 10 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-3074 |
| 11 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28963 |
| 12 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2021-41561 |
| 13 | Foliovision FV Flowplayer Video Player Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32955 |
| 14 | Dell Repository Manager API Module improper authorization | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-28976 |
| 15 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33690 |
| 16 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 17 | Pavex Embed Google Photos Album Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32775 |
| 18 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.28 | CVE-2015-5911 |
| 19 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 20 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |

IOC - Indicator of Compromise (66)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /catalog/all-products | predictive | High |
| 2 | File | /changePassword | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /goform/addIpMacBind | predictive | High |
| 5 | File | /goform/DelDhcpRule | predictive | High |
| 6 | File | /goform/delIpMacBind | predictive | High |
| 7 | File | /goform/DelPortMapping | predictive | High |
| 8 | File | /goform/modifyDhcpRule | predictive | High |
| 9 | File | /goform/modifyIpMacBind | predictive | High |

References (11)

The following list contains external sources which discuss the actor and the associated activities:
