Payload types are the different kinds of agents that can be created and used with Mythic.
Payload type information is located on the C2 Profiles and Payload Types page, which you open by clicking the headphone icon at the top of the page.
From this initial high-level view, a few important pieces of information are shown:
Container status indicates whether the backing container is online or offline, based on whether certain RabbitMQ queues exist. This status is checked every 5 seconds or so.
The name of the payload type, which must be unique
Which operating systems the agent supports
To modify the Payload Type itself, you need to modify the corresponding class in the Payload Type's docker container. This class will extend the PayloadType class.
The documentation container contains detailed information about the commands, OPSEC considerations, supported C2 profiles, and more for each payload type when you install it. From the Payload Types page, you can click the blue document icon to automatically open up the local documentation website to that agent.
All of a payload type's parameters are configurable from within the Payload Type's docker container. Edit the corresponding information in the class that extends the PayloadType class.
There are a few interesting pieces to call out here:
"Is this payload a wrapper for another payload"
A "Payload Wrapper" is a special form of payload type that simply acts as a wrapper for another payload type. An easy example of this is msbuild or macros from the Windows environment. These are payloads you might drop onto a system, but they aren't the real payload you're trying to execute. They're just wrappers for the actual end payload. That's the same goal here.
Does this payload support dynamic loading - This is where you specify whether your payload allows new modules to be loaded into it. If this is false, then when creating a payload you will not be able to choose which commands you want stamped into it - they'll ALL always be stamped in. If this is true, you can freely choose which commands you want stamped in at creation time and load in new commands later.
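As an added example (not code from Mythic or from this page), the sketch below reads these settings out of a Payload Type class definition with Python's ast module, so nothing in the container code is imported or executed, and reports duplicate names, wrappers, and types without dynamic loading. The attribute names name, supported_os, wrapper and supports_dynamic_loading, and both sample classes, are assumptions constructed for illustration.

```python
import ast
# Constructed sample, not a real agent. The attribute names are assumptions
# about the PayloadType base class; this page does not list them.
SAMPLE = '''
class DemoAgent(PayloadType):
    name = "demo_agent"
    supported_os = [SupportedOS.Linux]
    wrapper = False
    supports_dynamic_loading = True
class DemoWrapper(PayloadType):
    name = "demo_agent"
    supported_os = [SupportedOS.Windows]
    wrapper = True
    supports_dynamic_loading = False
'''
FIELDS = ("name", "supported_os", "wrapper", "supports_dynamic_loading")

def read_payload_types(source):
    """Parse (never import) source; return one dict per PayloadType subclass."""
    found = []
    for node in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.ClassDef)):
        bases = [getattr(b, "id", getattr(b, "attr", None)) for b in node.bases]
        if "PayloadType" not in bases:
            continue
        info = {"class": node.name}
        for stmt in node.body:
            if not (isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name)):
                continue
            key = stmt.targets[0].id
            if key in FIELDS:
                try:
                    info[key] = ast.literal_eval(stmt.value)
                except ValueError:  # not a plain literal, e.g. an enum member
                    info[key] = ast.unparse(stmt.value)
        found.append(info)
    return found

def review(types):
    """Report the properties the page calls out for each payload type."""
    findings, seen = [], {}
    for t in types:
        name = t.get("name")
        if name in seen:  # the page states the name must be unique
            findings.append(f"duplicate name {name!r}: {seen[name]}, {t['class']}")
        seen.setdefault(name, t["class"])
        if t.get("supports_dynamic_loading") is False:
            findings.append(f"{t['class']}: all commands are always stamped in")
        if t.get("wrapper") is True:
            findings.append(f"{t['class']}: wrapper for another payload type")
    return findings
```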
All installed docker containers are located at Mythic/InstalledServices/, each with their own folder. The currently running ones can be checked with sudo ./mythic-cli status. Check A note about containers for more information about them.
Containers allow Mythic to have each Payload Type establish its own operating environment for payload creation without causing conflicting or unnecessary requirements on the host system.
Payload Type containers only come into play for a few special scenarios:
Payload Creation
Tasking
Processing Responses
For more information on editing or creating new containers for payload types, see Payload Type Development.