Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
The Mythic framework and C&C profiles are publicly available and associated with pen testing, security assessments, and known attack campaigns. An attacker can remotely control a device and gain an entry point for further attacks on the network through a persistent C&C channel generated by a Mythic agent.
Kill Chain
Risk Score
60
Mythic is a post-compromise C&C framework. The Mythic C&C profile component enables an attacker to disguise C&C communications as legitimate traffic from the Mythic agent, which is installed on the victim device to establish a C&C channel with a Mythic server. The profile is a configuration file that specifies both the Mythic agent HTTP request and Mythic server HTTP response indicators, and how to encode data. For example, the victim sends an HTTP GET request to the attacker with encrypted data. The C&C server responds with a task such as “sleep” or “run command”. Based on the profile specifications, the command output is then encrypted within another request, such as an HTTP POST request.
Quarantine the device while checking for malware.
Block inbound and outbound traffic from suspicious hosts at the network perimeter.
Monitor and investigate unusual network activity for lateral movement or data exfiltration.
Implement network segmentation and the principle of least privilege to minimize the damage caused by a compromised device.
