From 5b6c47b74eee59e1900919d1830259ef7f9c1abb Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Fri, 7 Jul 2023 16:54:31 +0530
Subject: [PATCH] Mystic Stealer Panel
---
http/exposed-panels/c2/mystic-stealer.yaml | 24 ++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 http/exposed-panels/c2/mystic-stealer.yaml
diff --git a/http/exposed-panels/c2/mystic-stealer.yaml b/http/exposed-panels/c2/mystic-stealer.yaml
new file mode 100644
index 0000000000..55bfe035cb
--- /dev/null
+++ b/http/exposed-panels/c2/mystic-stealer.yaml
@@ -0,0 +1,24 @@
+id: mystic-stealer
+
+info:
+ name: Mystic Stealer Panel - Detect
+ author: pussycat0x
+ severity: info
+ description: |
+ Mystic Stealer panel were detected.
+ metadata:
+ shodan-query: http.title:"Mystic Stealer"
+ verified: "true"
+ tags: tech,rat,mystic-stealer,c2,panel
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ host-redirects: true
+ matchers:
+ - type: dsl
+ dsl:
+ - "status_code == 200 && contains(body, 'Mystic Stealer')"
+ condition: and
\ No newline at end of file
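Review bot: The DSL matcher `status_code == 200 && contains(body, 'Mystic Stealer')` fires on any 200 response whose body mentions the string, so a threat-intel write-up or news article about the malware would be reported as an exposed C2 panel. The `shodan-query` in `metadata` keys on the page title, so anchoring the match there would be consistent and tighter, e.g. `- "status_code == 200 && regex('(?i)<title>[^<]*Mystic Stealer', body)"` (assuming the panel's title carries the name, as the Shodan query implies). `condition: and` has no effect with a single DSL expression and can be dropped. With `host-redirects: true` set, an explicit `max-redirects` cap is worth adding so the scan does not follow long redirect chains.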