Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
Hunting for Mythic in network traffic
Hunting for Mythic in network traffic
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 16,104
Threads: 10,241
Thanks Received: 9,329 in 7,475 posts
Thanks Given: 10,286
Joined: 12 September 18
#1
Bug  12 December 25, 11:42
Quote:Post-exploitation frameworks

Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization’s network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4, open-source projects like Mythic, Sliver, and Havoc have surged in popularity in recent years. Malicious actors are also quick to adopt relatively new frameworks, such as Adaptix C2.
 
Analysis of popular frameworks revealed that their development focuses heavily on evading detection by antivirus and EDR solutions, often at the expense of stealth against systems that analyze network traffic. While obfuscating an agent’s network activity is inherently challenging, agents must inevitably communicate with their command-and-control servers. Consequently, an agent’s presence in the system and its malicious actions can be detected with the help of various network-based intrusion detection systems (IDS) and, of course, Network Detection and Response (NDR) solutions.
 
This article examines methods for detecting the Mythic framework within an infrastructure by analyzing network traffic. This framework has gained significant traction among various threat actors, including Mythic Likho (Arcane Wolf) и GOFFEE (Paper Werewolf), and continues to be used in APT and other attacks.

The Mythic framework

Mythic C2 is a multi-user command and control (C&C, or C2) platform designed for managing malicious agents during complex cyberattacks. Mythic is built on a Docker container architecture, with its core components – the server, agents, and transport modules – written in Python. This architecture allows operators to add new agents, communication channels, and custom modifications on the fly.
 
Since Mythic is a versatile tool for the attacker, from the defender’s perspective, its use can align with multiple stages of the Unified Kill Chain, as well as a large number of tactics, techniques, and procedures in the MITRE ATT&CK® framework.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Geekbench flags Intel Binary Optimizati...
Geekbench says Intel...harlan4096 — 16:40
Surfshark VPN : Award-winning VPN servi...
VPN encryption exp...jasonX — 12:36
Surfshark VPN : Award-winning VPN servi...
5-9-14 Eyes and VP...jasonX — 12:04
QOwnNotes
26.3.24  Added bloc...Kool — 10:38
K-Lite Codec Pack 19.6.0 / 19.6.4 Update
Changes in 19.6.4 ...harlan4096 — 09:03

[-]
Birthdays
Today's Birthdays
avatar (44)lamSouse
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (46)MeighGoask
avatar (47)creatralGuelm
avatar (38)procnipsut
avatar (44)accenwibly
avatar (41)ahyvily
avatar (38)urumahiz
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
avatar (48)cticigges
avatar (50)ecoFit
avatar (44)soccejeS
avatar (43)cdoubapKit
avatar (38)lystraPonia
avatar (31)smith8395john
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)burntLaw
avatar (41)MrDoorsskibheeds
avatar (51)Toligo
avatar (46)Rodneykak
avatar (49)tradeSmode
avatar (39)vemedProkbior
avatar (38)RobertUtelt
avatar (46)JamesZic
avatar (43)Sanfordbup
avatar (38)Der.Reisende
avatar (41)alapesihy
avatar (36)Kiran78

[-]
Online Staff
There are no staff members currently online.

>