Hunting for Mythic in network traffic
Post-exploitation frameworks Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs...
Using a Mythic agent to optimize penetration testing
Introduction The way threat actors use post-exploitation frameworks in their attacks is a topic we frequently discuss. It's not just about analysis of artifacts for us, though. Our company's deep expertise means we can study these tools to implement best practices in penetration testing. This hel...
Loki: a new private agent for the popular Mythic framework
In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...
New BLISTER Malware Update Fuelling Stealthy Network Infiltration
An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control C2 framework called Mythic. "New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers...
Tetanus - Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust
Tetanus is a Windows and Linux C2 agent written in Rust. Installation To install Tetanus, you will need Mythic set up on a machine. In the Mythic root directory, use mythic-cli to install the agent. payload start tetanus" sudo ./mythic-cli install github https://github.com/MythicAgents/tetanus su...
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
By Asheer Malhotra, Vanja Svajcer and Justin Thattil. Cisco Talos is tracking a campaign targeting government personnel in India using themes and tactics similar to APT36 aka Mythic Leopard and Transparent Tribe. This campaign distributes malicious documents and archives to deliver the Netwire...
Forblaze - A Python Mac Steganography Payload Generator
Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file for you which will be compiled to pull desired encrypted URLs out of the stego file, fetch payloads over https, and execute them directly into memory. It utilizes...
Mythic - A Collaborative, Multi-Platform, Red Teaming Framework
A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming. Details Check out a series of YouTube videos...
Transparent Tribe APT expands its Windows malware arsenal
By Asheer Malhotra, Justin Thattil and Kendall McKay. Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations. Cisco Talos' previous research has mainly linked this...
Cody Thomas Mythic Cross-Site Scripting Vulnerability
Cody Thomas Mythic is a Python-based platform used by Cody Thomas Individual Developer to provide solutions to Opsec issues. Cody Thomas Mythic 1.4 suffers from a cross-site scripting vulnerability that allows an attacker to steal remote administrative user sessions or add new users to the admin...
Transparent Tribe: Evolution analysis, part 2
Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian...
Transparent Tribe: Evolution analysis, part 1
Background and key findings Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have...
May 2012 – Mythic/Kickstarter
‘Mythic: Stories of Gods and Men’ was yanked from the increasingly popular crowd-funding website, Kickstarter, earlier this year after it became apparent that the game was, in actuality, a sham. Mythic touted itself as an action/strategy based role playing game and managed to raise $4,739 from 83...
Scam Video Game Startup Yanked From Kickstarter After Raising Thousands
A project soliciting funds for a new video game to compete with the likes of World of Warcraft and Skyrim has been pulled from the crowd funding website Kickstarter after it became clear that the proposal was a sham. Mythic: The Story of Gods and Men raised $4,739 from 83 backers before it was...