Mythic

Tool updated 8 months ago (2024-05-05T03:18:13.831Z)
Mythic is a versatile software tool that can be used for various purposes, including potentially as part of a cyber attack. It does not host any Payload Types or C2 Profiles in its repository; instead, agents are installed into a running Mythic instance with the command "./mythic-cli install github <url> [branch name] [-f]". This is a shift from earlier versions of Mythic, which included default Payload Types and C2 Profiles within the repository.

The software uses Docker and docker-compose for all of its components, allowing it to offer a broad range of features without imposing requirements on the host system. All of Mythic's Docker containers are hosted on DockerHub under "itsafeaturemythic". In addition, Mythic uses custom PyPI packages to synchronize information across containers and to give scripts access to the server.

Data tracking, modeling, and analysis form the core of Mythic's functionality and are intended to improve operators' quality of life. From the moment a payload is created, Mythic records its specific command and control profile parameters, the loaded commands and their versions, and details about who created it, when, and why. A series of YouTube videos provides further insight into how Mythic operates and highlights key features.

Mythic has been associated with MYTHIC LEOPARD, identified by CrowdStrike as the Adversary of the Month. MYTHIC LEOPARD is a targeted intrusion adversary likely fulfilling strategic intelligence requirements of the Pakistani state, with India, Pakistan, the United States, and the United Kingdom being the primary targets.

The development of Mythic has been sponsored by various individuals and corporations contributing over $20 per month, demonstrating the tool's significance in the field.
Description last updated: 2024-05-05T03:18:13.773Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias Description | Votes
Mythic Leopard is a possible alias for Mythic. Mythic Leopard, also known as Transparent Tribe, APT36, and ProjectM, is a threat actor group likely serving the strategic intelligence requirements of the Pakistani state. The group has been active since at least 2013, demonstrating prolific activity in cyber espionage. The group primarily targets | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Mythic Tool was read from the documents corpus below.