Mistic is a stealthy new backdoor used in financially motivated attacks against organizations in insurance, education, IT, and professional services, with evidence linking it to the KongTuke/Woodgnat initial access broker. Symantec and Zscaler say the malware supports persistent access, in-memory execution, and expanded capabilities through Beacon Object Files, and it has been delivered through multi-stage infection chains including Microsoft Teams social engineering and ClickFix. #Mistic #KongTuke #Woodgnat #ModeloRAT #MTLBackdoor #ClickFix
Key points
- Mistic is a newly observed backdoor used in financially motivated intrusions.
- It targets insurance, education, IT, and professional services organizations.
- The malware is linked to KongTuke/Woodgnat, an initial access broker.
- It can persist stealthily, run payloads in memory, and accept C2 commands.
- Zscaler says Mistic can load BOFs to expand its functionality.