Mythic Documentation
Version 3.3
Change Log

What's new for 2.3?

What's new for 2.2?

The following are the breaking changes for this version:

  • All Payload Types and C2 Profiles are split out from the main Mythic repo. If you just install Mythic and start it, no payload types or C2 profiles will sync in. You need to use the installer script to install additional agents from GitHub.

    • To help support this and keep track of these sorts of updates, containers now have "versions" and the main Mythic server has a range of supported container versions. If you have a container that tries to check in that's outside that range, you'll get a warning in the Mythic UI.

  • All Payload Types need to do the following:

    • Control for container files has been moved into PyPI packages rather than just raw files on disk so that updating them will be easier going forward. The current version needed for this is version 0.0.42 (yes, lots of development has been going on): pip install mythic_payloadtype_container==0.0.42.

    • If you are using a DockerImage from the itsafeaturemythic repo, update to the latest:

      • csharp_payload==0.0.11

      • python38_payload==0.0.4

      • xgolang_payload==0.0.9

      • leviathan_payload==0.0.4

  • All C2 Profiles need to do the following:

    • Control for container files has been moved into PyPI packages rather than just raw files on disk so that updating them will be easier going forward. The current version needed for this is version 22: pip install mythic_c2_container==0.0.22.

  • Mythic crypto is now defined by the Payload Type rather than the C2 profile. This is part of a change to keep each container in charge of just one thing. By default, Payload Types have Mythic handle their crypto; to have a Payload Type do something other than what Mythic does, set mythic_encrypts = False in the builder file for your Payload Type.

  • To more easily support various crypto components going forward, the selection and usage of crypto parameters in C2 profiles has changed slightly. There's no longer a requirement that the parameter name be AESPSK. Instead, there is another field you can set on any parameter: crypto_type=True. This marks the value that the user selects or inputs as defining what kind of crypto to use. It is simply a boolean, so you can still leverage the C2 Parameter as normal (string input, choose one, etc.) with the expectation that the final value is the type of crypto. In the case of Mythic's standard crypto, the value would be aes256_hmac. This means that Mythic no longer auto-generates a base64 of an AES256 key when the parameter is displayed to the user; this happens behind the scenes if the resulting type is aes256_hmac.

    • This also causes some variation when building your payload. Normally, you get a dictionary of {"key": "value"} for each C2 Profile parameter for you to leverage when building your payload. For crypto though, this could be highly variable and the components that you want to leverage could vary widely. So, if the parameter has crypto_type=True, then you'll get a dictionary of values. This is split out by type, encryption key, and decryption key because you might want to leverage some pub/priv key asymmetric crypto where those pieces are different or you might want to leverage some other kind of symmetric crypto.

{
    "key":
    {
        "crypto_type": "the value that the user selected, like aes256_hmac",
        "enc_key": "base64 of the encryption key",
        "dec_key": "base64 of the decryption key"
    }
}
  • Make sure you update your pip install of the mythic==0.0.19 package for scripting to handle the updated aspects of these objects.
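
The crypto_type=True parameter shape described above, handled in a builder-side helper. This is an added example, not Mythic's own code: the function names, the callback_interval entry and the all-zero key are constructed, and the 32-byte length check for aes256_hmac is an assumption based on it being an AES256 key.

```python
import base64
import binascii

# Assumption: aes256_hmac uses a 32-byte (AES-256) key; other types are not length-checked.
EXPECTED_KEY_BYTES = {"aes256_hmac": 32}


def _decode_key(name, field, value):
    """Strictly base64-decode one key field, naming the parameter on failure."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, TypeError, ValueError) as exc:
        raise ValueError(f"{name}.{field} is not valid base64") from exc


def split_c2_parameters(params):
    """Return (plain, crypto): ordinary values and decoded crypto_type=True entries."""
    plain, crypto = {}, {}
    for name, value in params.items():
        if not isinstance(value, dict):
            plain[name] = value  # ordinary {"key": "value"} parameter
            continue
        missing = {"crypto_type", "enc_key", "dec_key"}.difference(value)
        if missing:
            raise ValueError(f"{name} is missing {sorted(missing)}")
        ctype = value["crypto_type"]
        enc = _decode_key(name, "enc_key", value["enc_key"])
        dec = _decode_key(name, "dec_key", value["dec_key"])
        want = EXPECTED_KEY_BYTES.get(ctype)
        if want is not None and (len(enc) != want or len(dec) != want):
            raise ValueError(f"{name}: {ctype} expects {want}-byte keys")
        crypto[name] = {"crypto_type": ctype, "enc_key": enc, "dec_key": dec}
    return plain, crypto


# Constructed sample input: 32 zero bytes stand in for a key.
SAMPLE_KEY = base64.b64encode(bytes(32)).decode()
SAMPLE_PARAMS = {
    "callback_interval": "10",
    "AESPSK": {"crypto_type": "aes256_hmac", "enc_key": SAMPLE_KEY, "dec_key": SAMPLE_KEY},
}

if __name__ == "__main__":
    plain, crypto = split_c2_parameters(SAMPLE_PARAMS)
    print(sorted(plain), {k: v["crypto_type"] for k, v in crypto.items()})
```

Because the parameter name is no longer required to be AESPSK, the helper keys off the value's shape rather than its name, and it rejects a truncated or malformed key at build time instead of letting it reach the agent.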

What Changed for 2.0?

What changed for 1.4?


Solidified P2P spec - Delegates and P2P Connections

For detailed steps on how to make updates as a developer, check out the updating guide for how to take your 2.1.* agent into the 2.2.2 Mythic.

Updating to using a PyPI package instead of local files means that you need to adjust the imports for all of the Python files for your agents. It's nothing too crazy, but you'll update like so: Payload Type Info.

Updating to using a PyPI package instead of local files means that you need to adjust the imports for all of the Python files for your C2 profiles. It's nothing too crazy, but you'll need to update like so if you've created your own C2 profiles: C2 Docker Containers.