Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
Hunting for Mythic in network traffic
Hunting for Mythic in network traffic
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,178
Threads: 10,273
Thanks Received: 9,346 in 7,492 posts
Thanks Given: 10,310
Joined: 12 September 18
#1
Bug  12 December 25, 11:42
Quote:Post-exploitation frameworks

Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization’s network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4, open-source projects like Mythic, Sliver, and Havoc have surged in popularity in recent years. Malicious actors are also quick to adopt relatively new frameworks, such as Adaptix C2.
 
Analysis of popular frameworks revealed that their development focuses heavily on evading detection by antivirus and EDR solutions, often at the expense of stealth against systems that analyze network traffic. While obfuscating an agent’s network activity is inherently challenging, agents must inevitably communicate with their command-and-control servers. Consequently, an agent’s presence in the system and its malicious actions can be detected with the help of various network-based intrusion detection systems (IDS) and, of course, Network Detection and Response (NDR) solutions.
 
This article examines methods for detecting the Mythic framework within an infrastructure by analyzing network traffic. This framework has gained significant traction among various threat actors, including Mythic Likho (Arcane Wolf) и GOFFEE (Paper Werewolf), and continues to be used in APT and other attacks.

The Mythic framework

Mythic C2 is a multi-user command and control (C&C, or C2) platform designed for managing malicious agents during complex cyberattacks. Mythic is built on a Docker container architecture, with its core components – the server, agents, and transport modules – written in Python. This architecture allows operators to add new agents, communication channels, and custom modifications on the fly.
 
Since Mythic is a versatile tool for the attacker, from the defender’s perspective, its use can align with multiple stages of the Unified Kill Chain, as well as a large number of tactics, techniques, and procedures in the MITRE ATT&CK® framework.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Google Chrome 147.0.7727.101/102
Google Chrome 147.0...harlan4096 — 07:08
PatchMyPC 5.4.4.0 (15-April-2026)
Version 5.4.4.0 i...harlan4096 — 07:05
Microsoft Fixes Windows Server 2019 and ...
Microsoft has fixe...harlan4096 — 07:02
Over 100 Malicious Chrome Extensions Ste...
Security researche...harlan4096 — 07:02
[Test & Review Request] Looking for fee...
Can you at least i...LFTyyy — 14:28

[-]
Birthdays
Today's Birthdays
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)Toligo
avatar (38)RobertUtelt

[-]
Online Staff
dhruv2193's profile dhruv2193

>