1. Home
  2. Software
  3. Mythic

Mythic

Mythic is an open source, cross-platform post-exploitation/command and control platform. Mythic is designed to "plug-n-play" with various agents and communication channels.[1][2][3] Deployed Mythic C2 servers have been observed as part of potentially malicious infrastructure.[4]

ID: S0699
โ“˜
Type: TOOL
โ“˜
Platforms: Windows, Linux, macOS
Contributors: Cody Thomas, SpecterOps
Version: 1.0
Created: 26 March 2022
Last Modified: 16 April 2025
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Mythic supports HTTP-based C2 profiles.[3]

.002 Application Layer Protocol: File Transfer Protocols

Mythic supports SMB-based peer-to-peer C2 profiles.[3]

.004 Application Layer Protocol: DNS

Mythic supports DNS-based C2 profiles.[3]

Enterprise T1119 Automated Collection

Mythic supports scripting of file downloads from agents.[3]

Enterprise T1132 Data Encoding

Mythic provides various transform functions to encode and/or randomize C2 data.[3]

Enterprise T1030 Data Transfer Size Limits

Mythic supports custom chunk sizes used to upload/download files.[3]

Enterprise T1573 .002 Encrypted Channel: Asymmetric Cryptography

Mythic supports SSL encrypted C2.[3]

Enterprise T1008 Fallback Channels

Mythic can use a list of C2 URLs as fallback mechanisms in case one IP or domain gets blocked.[3]

Enterprise T1095 Non-Application Layer Protocol

Mythic supports WebSocket and TCP-based C2 profiles.[3]

Enterprise T1572 Protocol Tunneling

Mythic can use SOCKS proxies to tunnel traffic through another protocol.[3]
Enterprise T1090 .001 Proxy: Internal Proxy

Mythic can leverage a peer-to-peer C2 profile between agents.[3]

.002 Proxy: External Proxy

Mythic can leverage a modified SOCKS5 proxy to tunnel egress C2 traffic.[3]
.004 Proxy: Domain Fronting

Mythic supports domain fronting via custom request headers.[3]

References

  1. Thomas, C. (2018, July 4). Mythic. Retrieved March 25, 2022.
  2. Thomas, C. (2020, August 13). A Change of Mythic Proportions. Retrieved March 25, 2022.
  1. Thomas, C. (n.d.). Mythc Documentation. Retrieved March 25, 2022.
  2. Insikt Group. (2022, January 18). 2021 Adversary Infrastructure Report. Retrieved March 25, 2022.