Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
Hunting for Mythic in network traffic
Hunting for Mythic in network traffic
harlan4096 Online
MalWare Zoo Team
*******
Posts: 15,995
Threads: 10,200
Thanks Received: 9,318 in 7,464 posts
Thanks Given: 10,254
Joined: 12 September 18
#1
Bug  12 December 25, 11:42
Quote:Post-exploitation frameworks

Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization’s network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4, open-source projects like Mythic, Sliver, and Havoc have surged in popularity in recent years. Malicious actors are also quick to adopt relatively new frameworks, such as Adaptix C2.
 
Analysis of popular frameworks revealed that their development focuses heavily on evading detection by antivirus and EDR solutions, often at the expense of stealth against systems that analyze network traffic. While obfuscating an agent’s network activity is inherently challenging, agents must inevitably communicate with their command-and-control servers. Consequently, an agent’s presence in the system and its malicious actions can be detected with the help of various network-based intrusion detection systems (IDS) and, of course, Network Detection and Response (NDR) solutions.
 
This article examines methods for detecting the Mythic framework within an infrastructure by analyzing network traffic. This framework has gained significant traction among various threat actors, including Mythic Likho (Arcane Wolf) и GOFFEE (Paper Werewolf), and continues to be used in APT and other attacks.

The Mythic framework

Mythic C2 is a multi-user command and control (C&C, or C2) platform designed for managing malicious agents during complex cyberattacks. Mythic is built on a Docker container architecture, with its core components – the server, agents, and transport modules – written in Python. This architecture allows operators to add new agents, communication channels, and custom modifications on the fly.
 
Since Mythic is a versatile tool for the attacker, from the defender’s perspective, its use can align with multiple stages of the Unified Kill Chain, as well as a large number of tactics, techniques, and procedures in the MITRE ATT&CK® framework.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Scientists invent entirely new kind of s...
Scientists have inve...schreckdeividas — 07:51
Android trojan posing as government serv...
We break down the ...harlan4096 — 10:18
Brave Release v1.88.127 (Chromium 146.0....
Release v1.88.127 ...harlan4096 — 10:16
AMD reveals “FSR Diamond” for Next-Gen X...
AMD confirms FSR D...harlan4096 — 10:15
Intel announces $299 Core Ultra 7 270K P...
Intel Arrow Lake R...harlan4096 — 10:14

[-]
Birthdays
Today's Birthdays
avatar (51)tersfargum
avatar (50)alfreExept
Upcoming Birthdays
avatar (44)gapedDow
avatar (38)snorydar
avatar (43)Hectorvot
avatar (51)knowhanPluts
avatar (39)Williamengiz
avatar (46)qaqapeti
avatar (44)battsourIonix
avatar (43)CedricSek
avatar (39)chasRex
avatar (33)uteluxix
avatar (47)piafcflene
avatar (39)Matthewkah
avatar (38)Charlesfibre
avatar (38)francisnj3
avatar (43)artmaGoork

[-]
Online Staff
There are no staff members currently online.

>