Mythic Documentation
Search…
Version 2.2
Mythic
Operators
Installation
Internal Documentation
Quick Usage
Operational Pieces
Message Flow
Understanding Commands
Payload Types
C2 Profiles
Reporting
Scripting
Common Errors
Customizing
Hooking Features
Actions
Linking Agents
P2P Connections
Process_List
Artifacts
Credentials
Download
Commands
Keylog
File Browser
Task Status
Payload Type Development
C2 Related Development
Common Questions and Answers
FAQ / Troubleshooting Tips
Change Log
Next Release
Updating
Mythic 2.1 -> 2.2 Updates
Powered By GitBook
Artifacts
Agent reports new artifacts created on the system or network

Example (user tasking):

Any command is able to reply with its own artifacts that are created along the way. The following response can be returned as a separate C2 message or as part of the command's normal output.
The following response is part of the normal agent response. So, it is base64 encoded and put in the normal response format

Example (agent response):

1
{
2
"task_id": "task uuid here",
3
"user_output": "some user output here",
4
"artifacts": [
5
{
6
"base_artifact": "Process Create",
7
"artifact": "sh -c whoami"
8
},
9
{
10
"base_artifact": "File Write",
11
"artifact": "/users/itsafeature/Desktop/notmalware.exe"
12
}
13
]
14
}
Copied!

Walkthrough:

Agents can report back their own artifacts they create at any time. They just include an artifacts keyword with an array of the artifacts. There are two components to this:
  1. 1.
    base_artifact is the type of base artifact being reported. If this base_artifact type isn't already captured in the "Global Configurations" -> "Artifact Types" page, then this base_artifact value will be created.
  2. 2.
    artifact is the actual artifact being created. This is a free-form field.
Artifacts created this way will be tracked in the "Reporting" -> "Reporting Artifacts" page.
Previous
Process_List
Next
Credentials
Last modified 1yr ago
Copy link
Contents
Example (user tasking):
Example (agent response):
Walkthrough: