logo

Mistic Backdoor Linked to Ransomware Access Broker

ID: 56c0d97c-d242-5f91-b936-62bba06246b4

STIX ID: report--56c0d97c-d242-5f91-b936-62bba06246b4

Feed Name: securityonline.info

Threat Score
75/100

Date Published: 2026-06-27

Date Updated: 2026-06-27

Author: Do Son

...
...

### Executive Summary Security researchers discovered the Mistic backdoor, attributed to the financially motivated group Woodgnat, using DLL side-loading of MpExtMs.exe to achieve in-memory execution and persistent, low‑footprint access in insurance, education, IT and professional services environments; the tool includes a self-deletion kill switch and is used to establish long-term footholds sold to ransomware affiliates.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.