Mythic

Mythic is an open source, cross-platform post-exploitation/command and control platform. Mythic is designed to "plug-n-play" with various agents and communication channels.^[1]^[2]^[3] Deployed Mythic C2 servers have been observed as part of potentially malicious infrastructure.^[4]

ID: S0699

ⓘ

Type: TOOL

ⓘ

Platforms: Windows, Linux, macOS

Contributors: Cody Thomas, SpecterOps

Version: 1.0

Created: 26 March 2022

Last Modified: 18 April 2022

Techniques Used

Domain	ID		Name	Use
Enterprise	T1090	.001	代理: Internal Proxy	Mythic can leverage a peer-to-peer C2 profile between agents.^[3]
		.002	代理: External Proxy	Mythic can leverage a modified SOCKS5 proxy to tunnel egress C2 traffic.^[3]
		.004	代理: Domain Fronting	Mythic supports domain fronting via custom request headers.^[3]
Enterprise	T1573	.002	加密通道: Asymmetric Cryptography	Mythic supports SSL encrypted C2.^[3]
Enterprise	T1572		协议隧道	Mythic can use SOCKS proxies to tunnel traffic through another protocol.^[3]
Enterprise	T1008		回退信道	Mythic can use a list of C2 URLs as fallback mechanisms in case one IP or domain gets blocked.^[3]
Enterprise	T1071	.001	应用层协议: Web Protocols	Mythic supports HTTP-based C2 profiles.^[3]
		.002	应用层协议: File Transfer Protocols	Mythic supports SMB-based peer-to-peer C2 profiles.^[3]
		.004	应用层协议: DNS	Mythic supports DNS-based C2 profiles.^[3]
Enterprise	T1030		数据传输大小限制	Mythic supports custom chunk sizes used to upload/download files.^[3]
Enterprise	T1132		数据编码	Mythic provides various transform functions to encode and/or randomize C2 data.^[3]
Enterprise	T1119		自动化收集	Mythic supports scripting of file downloads from agents.^[3]
Enterprise	T1095		非应用层协议	Mythic supports WebSocket and TCP-based C2 profiles.^[3]

References

Thomas, C. (n.d.). Mythc Documentation. Retrieved March 25, 2022.
Insikt Group. (2022, January 18). 2021 Adversary Infrastructure Report. Retrieved March 25, 2022.

Mythic

Enterprise Layer

Techniques Used

References