Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
Hunting for Mythic in network traffic
Hunting for Mythic in network traffic
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 15,824
Threads: 10,141
Thanks Received: 9,306 in 7,452 posts
Thanks Given: 10,217
Joined: 12 September 18
#1
Bug  12 December 25, 11:42
Quote:Post-exploitation frameworks

Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization’s network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4, open-source projects like Mythic, Sliver, and Havoc have surged in popularity in recent years. Malicious actors are also quick to adopt relatively new frameworks, such as Adaptix C2.
 
Analysis of popular frameworks revealed that their development focuses heavily on evading detection by antivirus and EDR solutions, often at the expense of stealth against systems that analyze network traffic. While obfuscating an agent’s network activity is inherently challenging, agents must inevitably communicate with their command-and-control servers. Consequently, an agent’s presence in the system and its malicious actions can be detected with the help of various network-based intrusion detection systems (IDS) and, of course, Network Detection and Response (NDR) solutions.
 
This article examines methods for detecting the Mythic framework within an infrastructure by analyzing network traffic. This framework has gained significant traction among various threat actors, including Mythic Likho (Arcane Wolf) и GOFFEE (Paper Werewolf), and continues to be used in APT and other attacks.

The Mythic framework

Mythic C2 is a multi-user command and control (C&C, or C2) platform designed for managing malicious agents during complex cyberattacks. Mythic is built on a Docker container architecture, with its core components – the server, agents, and transport modules – written in Python. This architecture allows operators to add new agents, communication channels, and custom modifications on the fly.
 
Since Mythic is a versatile tool for the attacker, from the defender’s perspective, its use can align with multiple stages of the Unified Kill Chain, as well as a large number of tactics, techniques, and procedures in the MITRE ATT&CK® framework.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
AntGROUP Inc. / VCap-developer
Ant Download Manager...jasonX — 09:21
WhatsApp Web Finally Gets Built-In Voice...
For a long time, W...harlan4096 — 08:46
AnyDesk 9.6.10 for Windows
AnyDesk 9.6.10 for...harlan4096 — 08:27
Google Chrome 145.0.7632.45/46
Google Chrome 145....harlan4096 — 08:26
UltraSearch 4.9
Version 4.9 New...harlan4096 — 08:25

[-]
Birthdays
Today's Birthdays
avatar (46)myhotseeve
avatar (46)Edwinmub
Upcoming Birthdays
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (50)neuthrusBub
avatar (30)script6027529171
avatar (46)dimaWeami
avatar (39)TranoTymn
avatar (39)MezirLal
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
There are no staff members currently online.

>