Mythic
ID: S0699
ⓘ
Type: TOOL
ⓘ
Platforms: Windows, Linux, macOS
Contributors: Cody Thomas, SpecterOps
Version: 1.0
Created: 26 March 2022
Last Modified: 18 April 2022
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | |
| .002 | Application Layer Protocol: File Transfer Protocols | |||
| .004 | Application Layer Protocol: DNS | |||
| Enterprise | T1119 | Automated Collection | ||
| Enterprise | T1132 | Data Encoding |
Mythic provides various transform functions to encode and/or randomize C2 data.[3] |
|
| Enterprise | T1030 | Data Transfer Size Limits |
Mythic supports custom chunk sizes used to upload/download files.[3] |
|
| Enterprise | T1573 | .002 | Encrypted Channel: Asymmetric Cryptography | |
| Enterprise | T1008 | Fallback Channels |
Mythic can use a list of C2 URLs as fallback mechanisms in case one IP or domain gets blocked.[3] |
|
| Enterprise | T1095 | Non-Application Layer Protocol | ||
| Enterprise | T1572 | Protocol Tunneling |
Mythic can use SOCKS proxies to tunnel traffic through another protocol.[3] |
|
| Enterprise | T1090 | .001 | Proxy: Internal Proxy |
Mythic can leverage a peer-to-peer C2 profile between agents.[3] |
| .002 | Proxy: External Proxy |
Mythic can leverage a modified SOCKS5 proxy to tunnel egress C2 traffic.[3] |
||
| .004 | Proxy: Domain Fronting |
Mythic supports domain fronting via custom request headers.[3] |
||