Change Log

What Changed for 2.0?

  • Rebranded Apfell to Mythic

  • Added File Browser support to the apfell and poseidon agents

  • Added SOCKS5 support to poseidon

  • Added user roles during operations (operator, developer, spectator)

  • Added a documentation docker container with more verbose details including overviews, traffic flows, opsec considerations, and detailed help/info

  • Updated the general UI for Mythic

  • Updated the event logging system for "warnings" that can be resolved

  • Added ability for search to look through file browsing and eventing data as well

  • Added operator feedback when parameters don't meet certain validation requirements, before the commands even make it to the agents

  • Complete restructuring of how a developer uses/creates agents/c2 profiles

  • Added RPC call functionality from payload type and c2 profile containers to the main mythic instance to start hooking into the back-end for scripting

What Changed for 1.4?

  • Toggle timestamp view in the UI to see either UTC timestamps or localized timestamps

  • Persistent, unified process listings based on the host

  • Persistent, unified file browser

  • Badges to see the number of new tasks on a callback you're not currently viewing

  • More malleable HTTP-based C2 profile with a JSON config

    • Cookie Support

    • Arbitrary transforms to text (base64, append, prepend, add random values, etc.)

    • Proxy Support

    • User Agent strings

  • Slack notifications on new callbacks

    • The ability to have this only fire for specific payloads (i.e. you might not want it to happen for all of your lateral movement payloads, but do want it to fire for your phishing payloads)

  • Exportable search results (just export the page or the entire results of a search query)

  • Exportable artifact search results (just the page or the entire results)

  • More granular search controls

    • Filter search by operator

  • Duplicate saved parameters for c2 profiles to make quick edits

  • Edit credentials that are saved in the database

  • Add comments to the saved credentials

  • Export final report in JSON format

  • Export information about downloaded / uploaded files

  • Automatically calculate MD5/SHA1 of files

  • Badge notifications and searching for Keylogging

  • Task comments shown when viewing files

  • Download command output as a text file

  • Selective caching of responses so large output doesn't slow down the entire callback

  • Confirmation for mass exit/remove via the UI of callbacks

  • Issuing a command that causes a parameter popup will first try to auto-populate the values with the last instance of the command you ran on that callback

  • Save current browsing view in main callback window across refreshes (open tabs)

  • 8-hour default token expiration; the browser will auto-renew periodically so that there are fewer interruptions in longer ops

  • Use tab to select autocomplete option and up/down arrows to toggle through autocomplete options

  • Use ctrl+[ and ctrl+] to navigate previous/next tab in the active callbacks tab.

  • Set the callback description from the command line via "set description my description" and reset it back to the default for the payload with "set description reset"

  • Your open tabs for the active callbacks view will be remembered per-browser

  • View Apfell's web log from within the main web UI

  • Only start select payload type containers when starting Apfell: "./start_apfell.sh viper" will only start the viper payload type container, but all of the c2 profiles and main containers will still start.

  • Turn arbitrary VMs into Apfell compatible containers

  • Import and export single commands at a time instead of the whole payload type

  • C2 profiles support jitter percentages

  • Kill Dates in C2 profiles

  • Bulk download files from downloads page as zip file

  • Strict argument checking on tasking to make sure required parameters are given

  • Provide a single streaming list of tasking for all callbacks combined that the operation lead can watch

  • Filter callback viewable tasks to a single operator or all operators, certain command, and certain task ranges

  • Add new buttons for hiding or exiting multiple callbacks at once

  • C2 profiles have associated Notes, Sample Server configuration, and Sample Client configurations that are present from the main UI to give context and base configuration information. This will be particularly useful as C2 profiles grow more complex.

  • Provide an interface for supporting P2P communications and visualizations

  • Provide a recommended style guide for how to create new payloads to best fit in and leverage all of Apfell's features

  • Integration of Poseidon Agent

  • Integration of Atlas Agent

  • Integration of Chrome-extension Agent

  • Introduction of command-line short-hands such as swap_filenames to allow operators to type uploaded filenames, but have agents get file IDs instead.

  • All files are now contained within the Apfell folder, no more docker volumes mounted in weird spots automatically

  • Edit C2 profile code and configurations right in the browser

  • Included an 'event log' to see all events Apfell is doing behind the scenes as well as allow operators to 'chat' and store messages within their operation. If an operator sends a message on this screen, it'll be shown to all operators in that operation that are on the Active Callbacks page.

  • Included a 'web log' to see all the web requests to Apfell in the UI

  • Broke out transforms for commands and create/load operations to mirror the style of browser scripts

  • Exporting/Importing a payload type will bring along with it: payload code, all associated transforms, all command code, all browser scripts, and all c2 profile associated code.