Woodgnat Hackers Use Mistic RAT to Broker Access for Ransomware Gangs
ID: f5ab0ac0-2917-59b1-9ed3-53785f93fe79
STIX ID: report--f5ab0ac0-2917-59b1-9ed3-53785f93fe79
Feed Name: HackRead
A newly discovered RAT named Backdoor.Mistic (MLTBackdoor), attributed to the Woodgnat access-broker group, is being used since April 2026 to gain stealthy, fileless access to corporate networks and sell that access to multiple ransomware affiliates; operators deliver the payload via social-engineering (compromised WordPress pages and fraudulent Microsoft Teams IT messages), use PowerShell chains, DLL sideloading and living-off-the-land tools, and employ an instant self-delete kill switch to evade detection.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
