diff --git a/http/exposed-panels/c2/mystic-stealer.yaml b/http/exposed-panels/c2/mystic-stealer.yaml new file mode 100644 index 0000000000..55bfe035cb --- /dev/null +++ b/http/exposed-panels/c2/mystic-stealer.yaml @@ -0,0 +1,24 @@ +id: mystic-stealer + +info: + name: Mystic Stealer Panel - Detect + author: pussycat0x + severity: info + description: | + Mystic Stealer panel were detected. + metadata: + shodan-query: http.title:"Mystic Stealer" + verified: "true" + tags: tech,rat,mystic-stealer,c2,panel + +http: + - method: GET + path: + - "{{BaseURL}}" + + host-redirects: true + matchers: + - type: dsl + dsl: + - "status_code == 200 && contains(body, 'Mystic Stealer')" + condition: and \ No newline at end of file