Mythic Documentation
Mythic Documentation
Mythic
Operators
Installation
Internal Documentation
Quick Usage
Operational Pieces
Message Flow
Understanding Commands
Payload Types
C2 Profiles
Reporting
Scripting
Common Errors
Customizing
Hooking Features
Payload Type Development
Translation Containers
First Steps
Container Syncing
Payload Type Info
Commands
Dynamic Parameter Values
Create_Tasking
MythicRPC
OPSEC Checking
Sub-tasking / Task Callbacks
Process Response
Adding Commands
C2 Related Development
Common Questions and Answers
FAQ / Troubleshooting Tips
Change Log
Next Release
Updating
Mythic 2.1 -> 2.2 Updates
Powered by GitBook

Container Syncing

What is it?

When your payload type container starts up, it connects to the rabbitMQ broker system and sends a heartbeat notification to Mythic. Mythic then tries to look up the associated payload type and, if it can find it, will update the last_checkin time. However, if Mythic cannot find the payload type, then it'll issue a "sync" message to the container. Similarly, when a container starts up, the first thing it does upon successfully connecting to the rabbitMQ broker system is to send its own synced data.

This data is simply a JSON representation of everything about your payload - information about the payload type, all the commands, build parameters, command parameters, browser scripts, etc.

When does it happen?

Syncing happens at a few different times and there are some situations that can cause cascading sycing messages.

  • When a payload container starts, it sends all of its sycned data down to Mythic

  • If a container sends a heartbeat and Mythic doesn't recognize the payload type, it'll issue a Sync message back to the container

  • If a C2 profile syncs, it'll trigger a re-sync of all Payload Type containers. This is because a payload type container might say it supports a specific C2, but that c2 might not be configured to run or might not have check-ed in yet. So, when it does, this re-sync of all the payload type containers helps make sure that every agent that supports the C2 profile is properly registered.

  • When a Payload Type container syncs, it triggers a re-sync of all "Wrapper" payload types. This is because a wrapper might support a payload type that doesn't exist yet in Mythic (configured to not start, hasn't checked in yet, etc). So, when that type does check in, we want to make sure all of the wrapper payload types are aware and can update as necessary.

Current PayloadType Versions

  • 9 (Mythic 2.2.8)

    • mythic_payloadtypecontainer==0.0.45

      • csharp_payload==0.0.14

      • python38_payload==0.0.7

      • xgolang_payload==0.0.12

      • leviathan_payload==0.0.7

  • 8 ( Mythic 2.2.7)

    • mythic_payloadtype_container==0.0.44

    • itsafeaturemythic DockerHub images:

      • itsafeaturemythic/python38_payload:0.0.6

      • itsafeaturemythic/csharp_payload:0.0.13

      • itsafeaturemythic/leviathan_payload:0.0.6

      • itsafeaturemythic/xgolang_payload:0.0.11

  • 7 (Mythic 2.2.6)

    • mythic_payloadtype_container==0.0.43

    • itsafeaturemythic DockerHub images:

      • itsafeaturemythic/python38_payload:0.0.5

      • itsafeaturemythic/csharp_payload:0.0.12

      • itsafeaturemythic/leviathan_payload:0.0.5

      • itsafeaturemythic/xgolang_payload:0.0.10

Previous
First Steps
Next
Payload Type Info
Last updated 3 months ago
Contents
What is it?
When does it happen?
Current PayloadType Versions