S0699 Mythic

Mythic is an open source, cross-platform post-exploitation/command and control platform. Mythic is designed to “plug-n-play” with various agents and communication channels.[2][3][4] Deployed Mythic C2 servers have been observed as part of potentially malicious infrastructure.[1]

| Item | Value |
|---|---|
| ID | S0699 |
| Associated Names | |
| Type | TOOL |
| Version | 1.0 |
| Created | 26 March 2022 |
| Last Modified | 18 April 2022 |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1071 | Application Layer Protocol | - |
| enterprise | T1071.001 | Web Protocols | Mythic supports HTTP-based C2 profiles.[4] |
| enterprise | T1071.002 | File Transfer Protocols | Mythic supports SMB-based peer-to-peer C2 profiles.[4] |
| enterprise | T1071.004 | DNS | Mythic supports DNS-based C2 profiles.[4] |
| enterprise | T1119 | Automated Collection | Mythic supports scripting of file downloads from agents.[4] |
| enterprise | T1132 | Data Encoding | Mythic provides various transform functions to encode and/or randomize C2 data.[4] |
| enterprise | T1030 | Data Transfer Size Limits | Mythic supports custom chunk sizes used to upload/download files.[4] |
| enterprise | T1573 | Encrypted Channel | - |
| enterprise | T1573.002 | Asymmetric Cryptography | Mythic supports SSL encrypted C2.[4] |
| enterprise | T1008 | Fallback Channels | Mythic can use a list of C2 URLs as fallback mechanisms in case one IP or domain gets blocked.[4] |
| enterprise | T1095 | Non-Application Layer Protocol | Mythic supports WebSocket and TCP-based C2 profiles.[4] |
| enterprise | T1572 | Protocol Tunneling | Mythic can use SOCKS proxies to tunnel traffic through another protocol.[4] |
| enterprise | T1090 | Proxy | - |
| enterprise | T1090.001 | Internal Proxy | Mythic can leverage a peer-to-peer C2 profile between agents.[4] |
| enterprise | T1090.002 | External Proxy | Mythic can leverage a modified SOCKS5 proxy to tunnel egress C2 traffic.[4] |
| enterprise | T1090.004 | Domain Fronting | Mythic supports domain fronting via custom request headers.[4] |

References