Rebranded Apfell to Mythic
Added File Browser support to the apfell and poseidon agents
Added SOCKS5 support to poseidon
Added user roles during operations (operator, developer, spectator)
Added a documentation docker container with more verbose details including overviews, traffic flows, opsec considerations, and detailed help/info
Updated the general UI for Mythic
Updated the event logging system for "warnings" that can be resolved
Added ability for search to look through file browsing and eventing data as well
Operator feedback if their parameters don't meet certain validation requirements before the commands even make it to the agents
Complete restructuring of how a developer uses/creates agents/c2 profiles
Added RPC call functionality from payload type and c2 profile containers to the main mythic instance to start hooking into the back-end for scripting
Toggle timestamp view in the UI to see either UTC timestamps or localized timestamps
Persistent, unified processes listings based on the host
Persistent, unified file browser
Badges to see the number of new tasks on a callback you're not currently viewing
More malleable HTTP-based C2 profile with a JSON config
Cookie Support
Arbitrary transforms to text (base64, append, prepend, add random values, etc etc)
Proxy Support
User Agent strings
Slack notifications on new callbacks
The ability to have this only fire for specific payloads (i.e. you might not want it to happen for all of your lateral movement payloads, but do want it to fire for your phishing payloads)
Exportable search results (just export the page or the entire results of a search query)
Exportable artifact search results (just the page or the entire results)
More granular search controls
Filter search by operator
Duplicate saved parameters for c2 profiles to make quick edits
Edit credentials that are saved in the database
Add comments to the saved credentials
Export final report in JSON format
Export information about downloaded / uploaded files
Automatically calculate MD5/SHA1 of files
Badge notifications and searching for Keylogging
Task comments shown when viewing files
Download command output as a text file
Selective caching of responses so large output doesn't slow down the entire callback
Confirmation for mass exit/remove via the UI of callbacks
Issuing a command that causes a parameter popup will first try to auto-populate the values with the last instance of the command you ran on that callback
Save current browsing view in main callback window across refreshes (open tabs)
8hr default token expiration and browser will auto-renew periodically so that there are fewer interruptions in longer ops
Use tab to select autocomplete option and up/down arrows to toggle through autocomplete options
Use ctrl+[
and ctrl+]
to navigate previous/next tab in the active callbacks
tab.
set callback description from command line via set description my description
and reset it back to the default for the payload with set description reset
Your open tabs for the active callbacks view will be remembered per-browser
View Apfell's web log from within the main web UI
Only start select payload type containers when starting Apfell - ./start_apfell.sh viper
will only start the viper
payload type container, but all of the c2 profiles and main containers will still start.
Turn arbitrary VMs into Apfell compatible containers
Import and export single commands at a time instead of the whole payload type
C2 profiles support jitter percentages
Kill Dates in C2 profiles
Bulk download files from downloads page as zip file
Strict argument checking on tasking to make sure required parameters are given
Provide a single streaming list of tasking for all callbacks combined that the operation lead can watch
Filter callback viewable tasks to a single operator or all operators, certain command, and certain task ranges
Add new buttons for hiding or exiting multiple callbacks at once
C2 profiles have associated Notes, Sample Server configuration, and Sample Client configurations that are present from the main UI to give context and base configuration information. This will be particularly useful as C2 profiles grow more complex.
Provide and an interface for supporting P2P communications and visualizations
Provide a recommended style guide for how to create new payloads to best fit in and leverage all of Apfell's features
Integration of Poseidon Agent
Integration of Atlas Agent
Integration of Chrome-extension Agent
Introduction of command-line short-hands such as swap_filenames to allow operators to type uploaded filenames, but have agents get file IDs instead.
All files are now contained within the Apfell folder, no more docker volumes mounted in weird spots automatically
Edit C2 profile code and configurations right in the browser
Included an 'event log' to see all events Apfell is doing behind the scenes as well as allow operators to 'chat' and store messages within their operation. If an operator sends a message on this screen, it'll be shown to all operators in that operation that are on the Active Callbacks page.
Included a 'web log' to see all the web requests to Apfell in the UI
Broke out transforms for commands and create/load operations to mirror the style of browser scripts
Exporting/Importing a payload type will bring along with it: payload code, all associated transforms, all command code, all browser scripts, and all c2 profile associated code.