Mistic Backdoor Linked to Ransomware Access Broker
ID: 56c0d97c-d242-5f91-b936-62bba06246b4
STIX ID: report--56c0d97c-d242-5f91-b936-62bba06246b4
Feed Name: securityonline.info
Threat Score
### Executive Summary Security researchers discovered the Mistic backdoor, attributed to the financially motivated group Woodgnat, using DLL side-loading of MpExtMs.exe to achieve in-memory execution and persistent, low‑footprint access in insurance, education, IT and professional services environments; the tool includes a self-deletion kill switch and is used to establish long-term footholds sold to ransomware affiliates.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
